Bug 119943 - CAN-2004-0233: Utempter accepts bad devices
CAN-2004-0233: Utempter accepts bad devices
Product: Fedora
Classification: Fedora
Component: utempter (Show other bugs)
All Linux
medium Severity medium
: ---
: ---
Assigned To: Mike A. Harris
David Lawrence
: Security
Depends On:
Blocks: FC2Blocker
  Show dependency treegraph
Reported: 2004-04-03 16:12 EST by Steve Grubb
Modified: 2007-11-30 17:10 EST (History)
1 user (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2004-04-23 01:28:34 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

  None (edit)
Description Steve Grubb 2004-04-03 16:12:33 EST
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i586; en-US; rv:1.4.2)

Description of problem:
I was doing a code audit of the latest version of utempter and I
have spotted a bug. In utempter.c around line 27 is:

    if (strstr(device, "/../") || strstr(device, "/./") ||
        strstr(device, "//")) {
        fprintf(stderr, "a simple path is required\n");
I think an exit was omitted. I think it should have been:

    if (strstr(device, "/../") || strstr(device, "/./") ||
        strstr(device, "//")) {
        fprintf(stderr, "a simple path is required\n");

Version-Release number of selected component (if applicable):

How reproducible:

Steps to Reproduce:
Problem was found in code review.

Additional info:

There are programs that trust the data in the utmp file to be
validated. The utempter program is potentially accepting tty devices
from outside the /dev directory. This is an extremely simple no
brainer to fix.

Please make the above patch before releasing fedora core 2 final.
Comment 1 Mike A. Harris 2004-04-23 01:28:34 EDT
Thanks for reporting Steve.  We have released erratum for Fedora
Core 1 for this issue, and erratum is in QA testing for all other
OS releases.  Updated package also in Fedora devel.


Note You need to log in before you can comment on or make changes to this bug.