Saturday, October 22, 2022

[SOLVED] What is the best way to store authentication (login) in a system when a user has been authenticated using shadow in Linux with C++

October 22, 2022 authentication, c++, linux, security, shadow

Issue

I have a project called kos and it's a simple SUID tool, recently as a lot of people in private have been asking me I added authentication storing/remembering, but it's not that good

So what happens basically is:

Verify that the user has entered the correct password
If the password is correct set the temp_validate_user variable to true and temp_validate_user_id to the authenticated user's ID (e.g. 1000)
In the run_command function, after setting the appropriate IDs (uid, euid, gid and egid) do:
- If the last modified timestamp is less than the set max ammount, remove /var/kos/<user id>
- Else if temp_validate_user is still set make sure /var/kos exists, if not make it then make a file called /var/kos/<user id> (e.g. /var/kos/1000)

To put it simply we just store a file called /var/kos/<user id> and then check if its last modified timestamp is less than the max ammount

But we got a problem

Even though the dir is root-only with kos you can get root and if you verify once you can do this:

while true; do echo | kos touch "/var/kos/$(id -u)"; done

And when the user authenticates the file will be be updated all the time meaning you can have infinite root bypass

So the question is, is there ANY better way to do this, I really need to find a better way because as more of the time passes I keep getting more and more worried about it and I can't think of anything

Oh and if it wasn't clear already, I don't want to use PAM or anything else other than pure C or C++

Related commits and lines of code:

Thanks for the answers in advance :)

Questions and answers

What's your goal?

Store that the user has logged in for x ammount of seconds then if x seconds have passed invalidate it, but until x seconds hasn't passed don't ask the specific logged in user to enter their password

Solution

As @ThomasWeller sudo does the same thing, meaning it's secure enough, I dropped the terms on the dir from 744 to 711 and file perms from 744 to 600

Thank you @ThomasWeller once again

Answered By - Ari157

Answer Checked By - David Goodson (WPSolving Volunteer)

This Answer collected from stackoverflow and tested by PythonFixing community admins, is licensed under cc by-sa 2.5 , cc by-sa 3.0 and cc by-sa 4.0

Saturday, October 22, 2022

[SOLVED] What is the best way to store authentication (login) in a system when a user has been authenticated using shadow in Linux with C++

Issue

Questions and answers

Solution

Popular Posts

Labels