Bug 4328

Summary: bug in glibc inet/rexec.c breaks rexec(3) and rexec(1)
Product: [Retired] Red Hat Linux Reporter: morton
Component: glibcAssignee: Jakub Jelinek <jakub>
Severity: high Docs Contact:
Priority: medium    
Version: 6.0   
Target Milestone: ---   
Target Release: ---   
Hardware: All   
OS: Linux   
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2002-12-15 04:23:59 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:

Description morton 1999-08-03 06:46:16 UTC
rexec(3) should prompt the user for the logname/password if
it's not supplied by the caller, if it's not in the
environment and if it's not in $HOME/.netrc.

The problem is in glibc's inet/rexec.c.  It's passing a nil
pointer into write() and dropping core.

rexec(3) _should_ be calling getuser() and getpass() prior
to doing that write().

I've tried to explain this to Ulrich but the message isn't
getting through.  Perhaps you guys will have more luck.

To demonstrate:

# rm $HOME/.netrc
# rexec -a localhost date
Memory fault - core dumped

Comment 1 Jeff Johnson 1999-08-15 17:06:59 UTC
This appears to be a glibc problem.

Comment 2 morton 1999-08-16 01:38:59 UTC
yes, it is a glibc issue.  Please see the bug-glibc mailing list
discussion "rexec, rexec() and ruserpass()" at
http://sourceware.cygnus.com/ml/bug-glibc/1999-07/ for the full story.

Note also the memory leak which I have identified.

Ulrich tells me that he'll be looking at this issue RSN, but that was
a couple of weeks back.

Comment 3 Cristian Gafton 1999-08-30 01:52:59 UTC
It is really a debate whether we can change the current behavior in
glibc 2.1. I'd be inclined to say no, bacuse this type of change does
not necessarily fits the definition of a bug fix because it leads to a
changed functionality.

I'll make sure that this will get fixed in glibc 2.2, but for 2.1.x
series I'd rather not change it.

Comment 4 morton 1999-08-30 02:57:59 UTC
This is not a matter of changed functionality or of changing the

Every other rexec(2) in the world prompts the user if the credentials
are not available.  However glibc's rexec(2) will dereference a nil
pointer and drops core.

It's a bug.

Comment 5 Jeff Johnson 2000-02-28 20:29:59 UTC
*** Bug 9715 has been marked as a duplicate of this bug. ***

Comment 6 Jeff Johnson 2000-02-28 21:51:59 UTC
I can't fix the glibc segfault, but rexec in rsh-0.16-10 now prompts
for password (and exits rather than segfaulting).

Comment 7 Cristian Gafton 2000-05-22 14:53:59 UTC
assign to jakub