Bug 4691

Summary: /usr/bin/chage too privileged
Product: [Retired] Red Hat Linux Reporter: Chris Evans <chris>
Component: shadow-utilsAssignee: David Lawrence <dkl>
Status: CLOSED WONTFIX QA Contact:
Severity: medium Docs Contact:
Priority: low    
Version: 6.0CC: abartlet, gafton, notting
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 1999-08-30 02:16:59 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Chris Evans 1999-08-24 20:06:16 UTC
/usr/bin/chage is suid root.
It runs fine "sgid shadow", proving /etc/shadow is group
shadow and group readable.
Principle of least privilege is violated.
It is a fairly trivial enhancement. It could be implemented
along with making /sbin/pwdb_chkpwd "sgid shadow" too. Two
less suid root binaries, can't be bad can it?

Comment 1 Cristian Gafton 1999-08-30 02:16:59 UTC
That means that the /etc directory will have to be writeable by the
shadow group, because that's wehere the lcok files are created. Making
the whole /etc writeable for the shadow group is not a small price to
pay for this :-(

Comment 2 Andrew Bartlett 2000-11-19 01:19:47 UTC
Why would the shadow group need locking?   Certainly many of the shadow
utilities don't use locks, including chage as far as I can tell.  pwdb_pwchck
also appears not to use locks, so this should actualy be pretty painless.

I think that this is somting thats actualy worth implementing, as RedHat has
been getting better re set-uid utilites, this would nail another couple.