Bug 147789 - mailman-2.1.5-8.fc2 rpm alters /etc/gshadow
Summary: mailman-2.1.5-8.fc2 rpm alters /etc/gshadow
Alias: None
Product: Fedora
Classification: Fedora
Component: shadow-utils   
(Show other bugs)
Version: 2
Hardware: All
OS: Linux
Target Milestone: ---
Assignee: Peter Vrabec
QA Contact:
Keywords: Security
Depends On:
TreeView+ depends on / blocked
Reported: 2005-02-11 10:39 UTC by Bruce McEachern
Modified: 2007-11-30 22:11 UTC (History)
2 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2005-03-08 10:45:22 UTC
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)
contents of %pre that creates or alters mailman user/group (639 bytes, text/plain)
2005-02-15 22:21 UTC, John Dennis
no flags Details
the latest shadow-utils from devel (1.01 MB, application/octet-stream)
2005-03-14 12:58 UTC, Peter Vrabec
no flags Details

Description Bruce McEachern 2005-02-11 10:39:11 UTC
Description of problem:

after RPM up(2)date to mailman-2.1.5-8.fc2 discovered altered
/etc/gshadow (I've restored to the proper file):

[root@localhost etc]# diff gshadow.crap_from_RPM_update_050210 gshadow
< mailman:x::,n,,,,,,n,,,n,,,,an,,x,,,,
> mailman:x::


[root@localhost etc]# di gshadow.crap_from_RPM_update_050210
----------  1 root root 755 Feb 10 03:20
[root@localhost etc]#

where the up2date ran at 03:20 on Feb 10. It appear this 
could be an exploit of some kind to me. I suppose it could 
just be sloppiness on your part and silliness on mine, but 
I thought it better to let you know and look silly if it is.

Version-Release number of selected component (if applicable):


How reproducible:

If it is from the RPM (I can check which mirror it came from if 
you need me to, and you tell me where to look) you should be able 
to reproduce it...I don't care to. I grabbed the RPM from the duke 
site and popped it open and can't find anything to explain the 
gshadow alteration right off the bat (passwd and group were also 
touched, but not altered), but I'm not particularly clever 
(there's an awful lot of python code there, megs & megs). 

Steps to Reproduce:
1. d/l rpm & install with up2date
Actual results:

Expected results:

Additional info:

Comment 1 John Dennis 2005-02-15 22:19:29 UTC
I can't explain this either. I've never seen it before. There is
nothing in Mailman that alters the user and group information, this is
all in the %pre script of the spec file. I'm attaching the relevant
lines that invoke the commands to add or modify the user/group for

I regularly install mailman rpm's on our different releases and I've
never seen this before.

I'm cc'ing our resident shadow expert, Nalin, to see if he can
identify anything. If Nalin doesn't see anything suspicious maybe
we'll just chalk this up as bizarre unless it shows up again.

Comment 2 John Dennis 2005-02-15 22:21:31 UTC
Created attachment 111113 [details]
contents of %pre that creates or alters mailman user/group

Comment 3 Scott Weikart 2005-02-21 02:37:07 UTC
I had exactly the same experience after using 'yum update' to install
about 2 weeks of updates (including mailman-2.1.5-8.fc2).

Comment 4 John Dennis 2005-02-23 14:55:47 UTC
Scott, with respect to comment #3, was the mailman entry in gshadow
identically altered in your case as was originally reported? In other
words did it end up looking like this:


Comment 5 Scott Weikart 2005-02-23 17:07:13 UTC
Yes, which I just verified with 'fgrep -x /etc/gshadow~'.

In fact, I found this bugzilla entry by searching for
",n,,,,,,n,,,n,,,,an,,x,,,," in google!

Comment 6 John Dennis 2005-03-02 15:01:27 UTC
After talking with Nalin the conclusion seems to be this must be an
issue with shadow-utils and not mailman. So I'm changing the component
to shadow-utils.

Comment 7 Peter Vrabec 2005-03-08 10:45:22 UTC
The problem is maxmem.patch in shadow-utils.
Use shadow-utils >= 2:4.0.3-59.

Comment 8 Bruce McEachern 2005-03-10 06:01:41 UTC
But Peter, shouldn't this upgrade (to shadow-utils >= 2:4.0.3-59) be 
in an Up2Date package for FC2? I think I have (and had) run all the 
stuff Yum had told me about (told my computer about, really). I look 
and have:

- [root@localhost src]# rpm -qa | grep shadow-utils
- shadow-utils-4.0.3-55
- [root@localhost src]#

Just thought you guys were gonna save me from having to know/figure 
this stuff out. Shouldn't there be a "requires" in the mailman RPM 
or something?

Thanks for running the obscure "what the hell?..." down. Cheers, 

(lazy, apparently...) Bruce
(In reply to comment #7)
> The problem is maxmem.patch in shadow-utils.
> Use shadow-utils >= 2:4.0.3-59.

Comment 9 Peter Vrabec 2005-03-14 12:58:10 UTC
Created attachment 111976 [details]
the latest shadow-utils from devel

Comment 10 Scott Weikart 2005-03-15 02:18:40 UTC
I want to echo Comment #8: I have the same version of shadow-utils, and I
frequently run "yum update".

Note You need to log in before you can comment on or make changes to this bug.