444107 – [RHEL4] userdel/usermod infinite loop with duplicate names in /etc/group or /etc/gshadow

Bug 444107 - [RHEL4] userdel/usermod infinite loop with duplicate names in /etc/group or /etc/gshadow

Summary: [RHEL4] userdel/usermod infinite loop with duplicate names in /etc/group or /...

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	Red Hat Enterprise Linux 4
Classification:	Red Hat
Component:	shadow-utils
Sub Component:
Version:	4.6
Hardware:	All
OS:	Linux
Priority:	high
Severity:	high
Target Milestone:	rc
Target Release:	---
Assignee:	Peter Vrabec
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:	240915
Blocks:	655088
TreeView+	depends on / blocked

Reported:	2008-04-25 02:19 UTC by Andrew Hecox
Modified:	2018-10-19 20:14 UTC (History)
CC List:	2 users (show)
Fixed In Version:	RHBA-2008-0692
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Clones:	655088 (view as bug list)
Environment:
Last Closed:	2008-07-24 19:37:16 UTC
Target Upstream Version:
Embargoed:

Attachments	(Terms of Use)
update grpconv to update_entry function (830 bytes, patch) 2008-04-25 13:15 UTC, Kenneth Topp	no flags	Details \| Diff
View All

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Red Hat Product Errata	RHBA-2008:0692	0	normal	SHIPPED_LIVE	shadow-utils bug fix and enhancement update	2008-07-23 15:56:19 UTC

Comment 2 Kenneth Topp 2008-04-25 13:15:03 UTC

Created attachment 303779 [details]
update grpconv to update_entry function

update grpconv to update_entry function

all commands that call gr_next after running gr_update on a dup group are at
risk.

at least grpconv is.  patch attached.


groupadd - only update a non existant group, however broken nsswitch could make

getgrnam return 0, and find_by_name would get a dup. but luckily the gr_next
occurs before gr_update
newusers -similar to groupadd
grpunconv - needs to be fixed, can fix just like my attached patch, if it's
desirable.

Comment 13 errata-xmlrpc 2008-07-24 19:37:16 UTC

An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on therefore solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

http://rhn.redhat.com/errata/RHBA-2008-0692.html

Note You need to log in before you can comment on or make changes to this bug.