<div><div><div><div><div><br></div><div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Tue, 21 May 2019 at 23:26, Christian Heimes <<a href="mailto:christian@python.org" target="_blank">christian@python.org</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">On 21/05/2019 18.08, Giampaolo Rodola' wrote:<br>
> <br>
> <br>
> On Tue, 21 May 2019 at 21:13, Christian Heimes <<a href="mailto:christian@python.org" target="_blank">christian@python.org</a> <mailto:<a href="mailto:christian@python.org" target="_blank">christian@python.org</a>>> wrote:<br>
> <br>
> crypt<br>
> ~~~~~<br>
> <br>
> The `crypt <<a href="https://docs.python.org/3/library/crypt.html" rel="noreferrer" target="_blank">https://docs.python.org/3/library/crypt.html</a>>`_ module implements<br>
> password hashing based on ``crypt(3)`` function from ``libcrypt`` or<br>
> ``libxcrypt`` on Unix-like platform. The algorithms are mostly old, of poor<br>
> quality and insecure. Users are discouraged to use them.<br>
> <br>
> * The module is not available on Windows. Cross-platform application need<br>
> an alternative implementation any way.<br>
> * Only DES encryption is guarenteed to be available. DES has an extremely<br>
> limited key space of 2**56.<br>
> * MD5, salted SHA256, salted SHA512, and Blowfish are optional extension.<br>
> SSHA256 and SSHA512 are glibc extensions. Blowfish (bcrypt) is the only<br>
> algorithm that is still secure. However it's in glibc and therefore not<br>
> commonly available on Linux.<br>
> * Depending on the platform, the ``crypt`` module is not thread safe. Only<br>
> implementations with ``crypt_r(3)`` are thread safe.<br>
> * The module was never useful to interact with system user and password<br>
> databases.<br>
> <br>
> <br>
> This is actually not true. Their main use case is to compare passwords against the shadowed password db:<br>
> <a href="https://github.com/giampaolo/pyftpdlib/blob/ee7b36c701b78b2d36e938c42d08dbfbad55a34f/pyftpdlib/authorizers.py#L413" rel="noreferrer" target="_blank">https://github.com/giampaolo/pyftpdlib/blob/ee7b36c701b78b2d36e938c42d08dbfbad55a34f/pyftpdlib/authorizers.py#L413</a><br>
> A quick search on <a href="http://searchcode.com" rel="noreferrer" target="_blank">searchcode.com</a> <<a href="http://searchcode.com" rel="noreferrer" target="_blank">http://searchcode.com</a>> shows both spwd and crypt modules are used. I am no security expert (and I wasn’t aware they are insecure until now, since the doc doesn’t mention it) but I would prefer seeing these 2 fixed or improved rather than bluntly removed. <br>
<br>
No, the statement is correct. I may have to explain this even further.<br>
<br>
The approach in pyftpdlib is the wrong and IMO deserves a CVE. The crypt() + spwd() approach is flawed on multiple levels. For example it bypasses account restriction, access control, and login session. It also requires you to run the service as root and with SELinux disabled or an unconfined context -- a bad combination. There is only one correct way to perform a credential check: use PAM.<br>
<br>
spwd can't be fixed. It could only be replaced with a completely different API that wraps PAM and Windows's authentication API.<br>
<br>
Christian<br>
<br>
PS: Authentication, authorization, and identity management are part of my day job at Red Hat.<br>
</blockquote></div></div><div dir="auto"><br></div></div></div></div></div><div><div><div><div><div dir="auto">Got it. I had no idea. Since you mentioned the CVE it looks like spwd/crypt doc deserve a warning. This is probably out of the scope of the PEP, but I wonder if the 3 third-party alternatives mentioned in the PEP are mature enough and could be evaluated for stdlib inclusion (the part re. PAM / password-checking at least). Perhaps spwd/crypt could be deprecated in 3.8 and the alternative added in 3.9 before the 3.10 removal.</div><div dir="auto"><br></div><div dir="auto"><br></div>
</div>
</div>
</div>
</div>-- <br><div dir="ltr" class="gmail_signature" data-smartmail="gmail_signature"><div dir="ltr"><div>Giampaolo - <a href="http://grodola.blogspot.com" target="_blank">http://grodola.blogspot.com</a></div><div><br></div></div></div>