Bug 4328 - bug in glibc inet/rexec.c breaks rexec(3) and rexec(1)
bug in glibc inet/rexec.c breaks rexec(3) and rexec(1)
Status: CLOSED CURRENTRELEASE
Product: Red Hat Linux
Classification: Retired
Component: glibc (Show other bugs)
6.0
All Linux
medium Severity high
: ---
: ---
Assigned To: Jakub Jelinek
:
: 9715 (view as bug list)
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 1999-08-03 02:46 EDT by morton
Modified: 2008-05-01 11:37 EDT (History)
0 users

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2002-12-14 23:23:59 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description morton 1999-08-03 02:46:16 EDT
rexec(3) should prompt the user for the logname/password if
it's not supplied by the caller, if it's not in the
environment and if it's not in $HOME/.netrc.

The problem is in glibc's inet/rexec.c.  It's passing a nil
pointer into write() and dropping core.

rexec(3) _should_ be calling getuser() and getpass() prior
to doing that write().

I've tried to explain this to Ulrich but the message isn't
getting through.  Perhaps you guys will have more luck.

To demonstrate:

# rm $HOME/.netrc
# rexec -a localhost date
Memory fault - core dumped
Comment 1 Jeff Johnson 1999-08-15 13:06:59 EDT
This appears to be a glibc problem.
Comment 2 morton 1999-08-15 21:38:59 EDT
yes, it is a glibc issue.  Please see the bug-glibc mailing list
discussion "rexec, rexec() and ruserpass()" at
http://sourceware.cygnus.com/ml/bug-glibc/1999-07/ for the full story.

Note also the memory leak which I have identified.

Ulrich tells me that he'll be looking at this issue RSN, but that was
a couple of weeks back.
Comment 3 Cristian Gafton 1999-08-29 21:52:59 EDT
It is really a debate whether we can change the current behavior in
glibc 2.1. I'd be inclined to say no, bacuse this type of change does
not necessarily fits the definition of a bug fix because it leads to a
changed functionality.

I'll make sure that this will get fixed in glibc 2.2, but for 2.1.x
series I'd rather not change it.
Comment 4 morton 1999-08-29 22:57:59 EDT
This is not a matter of changed functionality or of changing the
interface.

Every other rexec(2) in the world prompts the user if the credentials
are not available.  However glibc's rexec(2) will dereference a nil
pointer and drops core.

It's a bug.
Comment 5 Jeff Johnson 2000-02-28 15:29:59 EST
*** Bug 9715 has been marked as a duplicate of this bug. ***
Comment 6 Jeff Johnson 2000-02-28 16:51:59 EST
I can't fix the glibc segfault, but rexec in rsh-0.16-10 now prompts
for password (and exits rather than segfaulting).
Comment 7 Cristian Gafton 2000-05-22 10:53:59 EDT
assign to jakub

Note You need to log in before you can comment on or make changes to this bug.