Description of Problem:

passwd has --stdin option to take new password from stdin. The passwd code doesn't seem to handle read errors from stdin:

passwd.c:L370

    char newPassword[80];
    int i;

    i = read(STDIN_FILENO, newPassword, sizeof(newPassword) - 1);
    newPassword[i - 1] = '\0';
    conv.conv = stdin_conv;
    conv.appdata_ptr = strdup(newPassword);

If the read call returns -1 or 0 then the code writes \0 byte out of newPassword array and copies "random" memory as new password. Fortunately the --stdin option is restricted to root.

Version-Release number of selected component (if applicable):

    Name        : passwd        Relocations: (not relocateable)
    Version     : 0.67          Vendor: Red Hat, Inc.
    Release     : 1             Build Date: Thu Mar 14 03:44:31 2002

(I looked at the passwd code from RH 6.2 (passwd-0.64.1-1) and it appears to have the same problem).

Expected result:

passwd should handle possible read error from stdin instead of setting the password to "junk"
This is fixed in the current Fedora Core and RHEL releases.
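
A defensive version of the read described in this report, added here as an example; it is not the fix shipped in Fedora Core or RHEL. The names read_password_fd and read_password_from_bytes are hypothetical, and like the original it takes the password from a single successful read().

```c
#include <errno.h>
#include <string.h>
#include <unistd.h>

/* Hypothetical helper: read one password line from fd into buf.
 * Returns 0 on success, -1 on read error, EOF or empty input.
 * On failure buf holds an empty string, never stale stack memory. */
int read_password_fd(int fd, char *buf, size_t buflen)
{
    ssize_t n;

    if (buf == NULL || buflen < 2)
        return -1;
    buf[0] = '\0';
    do {
        n = read(fd, buf, buflen - 1);
    } while (n == -1 && errno == EINTR);   /* retry interrupted reads */
    if (n <= 0)                            /* -1 = error, 0 = EOF: no index is computed */
        return -1;
    buf[n] = '\0';                         /* n <= buflen - 1, always in bounds */
    buf[strcspn(buf, "\r\n")] = '\0';      /* cut at a line ending only if one is present */
    return buf[0] == '\0' ? -1 : 0;        /* refuse an empty password */
}

/* Test helper with constructed input: feed `data` through a pipe. */
int read_password_from_bytes(const char *data, size_t len, char *buf, size_t buflen)
{
    int fds[2], rc;

    if (pipe(fds) != 0)
        return -1;
    if (len > 0 && write(fds[1], data, len) != (ssize_t)len) {
        close(fds[0]); close(fds[1]);
        return -1;
    }
    close(fds[1]);                         /* reader sees EOF after the data */
    rc = read_password_fd(fds[0], buf, buflen);
    close(fds[0]);
    return rc;
}

int main(void)
{
    char pw[80];
    /* A non-zero exit tells the caller not to change the password. */
    return read_password_fd(STDIN_FILENO, pw, sizeof pw) == 0 ? 0 : 1;
}
```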