Bug 450262
Summary: | usermod/useradd may inadvertently give access to group root | ||||||
---|---|---|---|---|---|---|---|
Product: | Red Hat Enterprise Linux 5 | Reporter: | Ralph Angenendt <ralph> | ||||
Component: | shadow-utils | Assignee: | Peter Vrabec <pvrabec> | ||||
Status: | CLOSED ERRATA | QA Contact: | |||||
Severity: | high | Docs Contact: | |||||
Priority: | low | ||||||
Version: | 5.2 | CC: | bressers, mmalik, riek, sgrubb | ||||
Target Milestone: | rc | ||||||
Target Release: | --- | ||||||
Hardware: | All | ||||||
OS: | Linux | ||||||
Whiteboard: | |||||||
Fixed In Version: | Doc Type: | Bug Fix | |||||
Doc Text: | Story Points: | --- | |||||
Clone Of: | Environment: | ||||||
Last Closed: | 2008-09-03 09:03:32 UTC | Type: | --- | ||||
Regression: | --- | Mount Type: | --- | ||||
Documentation: | --- | CRM: | |||||
Verified Versions: | Category: | --- | |||||
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||
Cloudforms Team: | --- | Target Upstream Version: | |||||
Embargoed: | |||||||
Attachments: |
|
Description
Ralph Angenendt
2008-06-06 09:27:58 UTC
Created attachment 309604 [details]
fix candidate
This fixes it for me. This was just brought to my attention by sgrubb. I'm inclined to say this isn't a security issue as it's the result of user error. I will agree that the behavior is undesirable, but not serious enough to be classified as a security flaw. Nobody said it's a security issue, but it's an ugly bug none the less. The patch in comment 2 fixes the issue for me, as you cannot add empty groups anymore. An advisory has been issued which should help the problem described in this bug report. This report is therefore being closed with a resolution of ERRATA. For more information on therefore solution and/or where to find the updated files, please follow the link below. You may reopen this bug report if the solution does not work for you. http://rhn.redhat.com/errata/RHBA-2008-0866.html |