Red Hat Bugzilla – Bug 12512
usermod/useradd/groupadd fail to check validity of gid number
Last modified: 2008-05-01 11:37:56 EDT
groupmod can create illegal groups usermod can add users to illegal groups if you add yourself to an illegal group, you will not be able to login again, at least with some versions of login. This seems to be a bug - these utilities should protect against simple errors like this (in my case, I added an extra zero to the group number, resulting in an out of reange group). Possibly login should be considered to have a bug - some implementations log you in with only the primary group, while others permit no login - but I cannot vouch for security implications of either approach) the attached code does a simple check of the validity of the group file for a given user, using the installed version of initgroups on the build machine. Perhaps a better approach would be to fork a trail `su` -- but some sort of check should probably be done, and checking int value will break if ported to a system with a larger gid range. #define VERSION "$ Revision 0.1$" #include <unistd.h> #include <stdio.h> #include <stdlib.h> #include <pwd.h> #include <grp.h> #include <sys/types.h> #include <getopt.h> void print_version(char *cmd); void print_usage(char *cmd); int main (int argc, char **argv) { char *username; struct passwd *pw; gid_t gid; int c; int option_index = 0; static struct option long_options[] = { {"help", no_argument, 0,'h'}, {"version", no_argument, 0,'V'}, {"user", required_argument,0,'u'}, {0,0,0,0} }; while (1) { c = getopt_long(argc,argv,"+hVu:",long_options,&option_index); if (c==-1 || c==EOF) break; switch (c) { case '?': /* print short usage statement if args not parsable */ printf("%s: Unknown argument: %s\n\n",argv[0],optarg); exit(1); case 'h': /* help */ print_usage(argv[0]); exit(0); case 'V': /* version */ print_version(argv[0]); exit(0); case 'u': /* hostname */ username = malloc(strlen(optarg)); if (username==NULL) exit(1); strcpy(username,optarg); break; } } if (username==NULL) { print_usage(argv[0]); exit(1); } if (strspn(username,"0123456789")==strlen(username)) pw=getpwuid((uid_t)atoi(username)); else pw=getpwnam(username); if (pw==NULL) { printf("%s: invalid username %s\n",argv[0],username); exit(1); } strcpy(username,pw->pw_name); gid=pw->pw_gid; c=initgroups(username,gid); printf("%d\n",c); return c; } void print_usage(char *cmd) { printf("Usage: %s -u <user>\n",cmd); } void print_version(char *cmd) { char version[20]; sscanf(VERSION,"$ Revision %[^$]$",&version); printf("%s %s\n",cmd,version); }
double checking, the downstream problem is NOT with login, it's with `su` It shows up if you try and ssh to the host with the corrupt group file, but you can still login at the console. Also, shouldn't grpck also report this as a problem with the group file?
usermod and friends have been fixed in rawhide.