Bug 246681 - umask not honored in mkhomedir
Summary: umask not honored in mkhomedir
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 5
Classification: Red Hat
Component: oddjob   
Version: 5.0
Hardware: All
OS: Linux
Priority: low
Severity: low
Assignee: Nalin Dahyabhai
Reported: 2007-07-03 22:18 UTC by Jose Plans
Modified: 2018-10-19 19:50 UTC (History)

Fixed In Version: RHBA-2008-0021
Doc Type: Bug Fix
Last Closed: 2008-01-16 14:04:51 UTC
Attachments
epipe_octals (1.41 KB, patch)
2007-07-03 22:18 UTC, Jose Plans
current proposed patch (2.52 KB, patch)
2007-12-07 18:43 UTC, Nalin Dahyabhai


External Trackers
Tracker ID Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2008:0021 normal SHIPPED_LIVE oddjob bug fix update 2008-01-16 14:04:48 UTC

Description Jose Plans 2007-07-03 22:18:40 UTC
Description of problem:

pam_oddjob_mkhomedir does not honour umask while creating home directories.

The umask in the original code is processed with atoi(), which translates the
string into a base-10 integer; this makes the umask incorrect if it's led by 0.
Changing this to strtol() with base 8 makes it work as expected.

However, some checks were added: since strtol() in most cases returns 0 if
we pass non-integer values, we could then end up with a umask(0), which would
provide world-wide writable rights to every file created within that home directory.

Version-Release number of selected component (if applicable):
oddjob-0.27-1

How reproducible:
Always.

Steps to Reproduce:
1. Create a user testuser
2. echo testuser | /usr/lib/oddjob/mkhomedir -u 0077
3. ls -ld /home/testuser
  


Actual results:
% echo testuser | /usr/lib/oddjob/mkhomedir -u 0077
Creating home directory for testuser.
% ls -ld /home/testuser
drw-r----- 3 testuser testuser 4096 Jun 29 10:54 /home/testuser

Expected results:
% echo testuser | sudo ./mkhomedir -u 0077
Creating home directory for testuser.
% ls -ld /home/testuser
drwx------ 3 testuser testuser 4096 Jun 29 10:55 /home/testuser

Additional info:
With the additional code, since this can also provide data on the input stream, we
should close pipes before writing.

There were two cases where I think we should prevent EPIPE: one is --help, the
other is when the -u umask is not an octal string, so we abort (with patch applied).

To reproduce:

With no patch:
  % echo test | /usr/lib/oddjob/mkhomedir --help
  That provides Broken Pipe
With patch adds another one (fixed):
  % echo test | /usr/lib/oddjob/mkhomedir -u not_an_octal_string

Let me know if you need more info.
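
The parsing difference described in this report, as an added example that is not the attached patch or oddjob's own code: atoi() reads "0077" as decimal 77, while strtol() in base 8 with an end-pointer check yields 077 and rejects non-octal input rather than yielding 0. All function names here are hypothetical.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/types.h>

/* Behaviour the report attributes to the old code: decimal parse of the -u value. */
static mode_t umask_from_atoi(const char *arg)
{
    return (mode_t)atoi(arg);          /* "0077" -> 77 decimal == 0115 octal */
}

/* Hypothetical helper: strict octal parse. Returns 0 on success, -1 on bad input. */
static int parse_octal_umask(const char *arg, mode_t *out)
{
    char *end = NULL;
    long value;

    /* Reject NULL, empty strings, and the sign/whitespace strtol() would accept. */
    if (arg == NULL || *arg < '0' || *arg > '7')
        return -1;

    errno = 0;
    value = strtol(arg, &end, 8);
    if (errno != 0 || end == arg || *end != '\0')
        return -1;                     /* overflow, no digits, or trailing junk */
    if (value < 0 || value > 0777)
        return -1;                     /* outside the permission bits */

    *out = (mode_t)value;
    return 0;
}

/* Permission bits left on a directory requested as 0777 under the given mask. */
static mode_t dir_mode_under(mode_t mask)
{
    return (mode_t)(0777 & ~mask);
}

int main(void)
{
    /* Constructed sample inputs: a valid mask, the report's bad string, a non-octal digit. */
    const char *samples[] = { "0077", "not_an_octal_string", "08" };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        mode_t m = 0;
        if (parse_octal_umask(samples[i], &m) == 0)
            printf("%s: strtol mask %04o -> dir %04o (atoi mask %04o)\n", samples[i],
                   (unsigned)m, (unsigned)dir_mode_under(m), (unsigned)umask_from_atoi(samples[i]));
        else
            printf("%s: rejected, umask left unchanged\n", samples[i]);
    }
    return 0;
}
```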

Comment 1 Jose Plans 2007-07-03 22:18:41 UTC
Created attachment 158482
epipe_octals

Comment 2 Nalin Dahyabhai 2007-09-05 21:20:17 UTC
I think that ignoring SIGPIPE in oddjobd so that its calls to write() return
with an EPIPE error would be preferable.  The strtol() function already returns
an error if the data passed to it isn't a number of some kind, so calling it
directly should be fine.  Doing that for 0.29.

Comment 5 Nalin Dahyabhai 2007-12-07 18:43:31 UTC
Created attachment 281471
current proposed patch

Comment 10 errata-xmlrpc 2008-01-16 14:04:51 UTC
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

http://rhn.redhat.com/errata/RHBA-2008-0021.html