Bug 646380

Summary: lgroupmod can corrupt the format of /etc/group
Product: Red Hat Enterprise Linux 5
Component: libuser
Version: 5.6
Status: CLOSED WONTFIX
Severity: medium
Priority: medium
Target Milestone: rc
Hardware: All
OS: Linux
Keywords: Triaged
Doc Type: Bug Fix
Reporter: Miroslav Vadkerti <mvadkert>
Assignee: Miloslav Trmač <mitr>
QA Contact: BaseOS QE Security Team <qe-baseos-security>
CC: mmalik
Clone Of: 454646
Bug Depends On: 454646
Last Closed: 2013-10-31 19:01:10 UTC

Description Miroslav Vadkerti 2010-10-25 09:36:02 UTC
+++ This bug was initially created as a clone of Bug #454646 +++

Description of problem:
lgroupmod has the same problem that is described in bz#454443: some strings are not checked for ':'.

Version-Release number of selected component (if applicable):
libuser-0.56.6-2

How reproducible:
Always


Steps to Reproduce:
# lgroupadd poorgroup
# grep poor /etc/group
poorgroup:x:502:
# grep poor /etc/gshadow
poorgroup:!!::
# lgroupmod -n "poor:group" poorgroup
Group poorgroup could not be modified: data not found in file
# grep poor /etc/group
poor:x:x:502:
# grep poor /etc/gshadow
poor:!!:!!::
# lgroupdel poorgroup
Group poorgroup does not exist.
# lgroupdel "poor:group"
Group poor:group does not exist.
# lgroupdel "poor"

** (process:14622): WARNING **: invalid ID
Group poor could not be deleted: group poor has no GID


Actual Results:
lgroupmod accepts a group name containing ':'.

Expected Results:
lgroupmod refuses a group name containing ':'.

Additional info:

--- Additional comment from mmalik on 2008-07-10 08:53:00 EDT ---

The following parameters of lgroupmod are vulnerable to the "<some>:<thing>" attack:
-A
-M
-n
-p

An RHTS test for this bug is available (/CoreOS/libuser/Regression/bz454646-lgroupmod-corrupt-etc-group).

--- Additional comment from mitr on 2008-07-23 09:37:49 EDT ---

Thanks for your report.

Parts should be fixed in the current development version; the rest is
https://fedorahosted.org/libuser/ticket/2.

--- Additional comment from fedora-triage-list on 2008-11-26 05:58:58 EST ---


This message is a reminder that Fedora 8 is nearing its end of life.
Approximately 30 (thirty) days from now Fedora will stop maintaining
and issuing updates for Fedora 8.  It is Fedora's policy to close all
bug reports from releases that are no longer maintained.  At that time
this bug will be closed as WONTFIX if it remains open with a Fedora 
'version' of '8'.

Package Maintainer: If you wish for this bug to remain open because you
plan to fix it in a currently maintained version, simply change the 'version' 
to a later Fedora version prior to Fedora 8's end of life.

Bug Reporter: Thank you for reporting this issue and we are sorry that 
we may not be able to fix it before Fedora 8 is end of life.  If you 
would still like to see this bug fixed and are able to reproduce it 
against a later version of Fedora please change the 'version' of this 
bug to the applicable version.  If you are unable to change the version, 
please add a comment here and someone will do it for you.

Although we aim to fix as many bugs as possible during every release's 
lifetime, sometimes those efforts are overtaken by events.  Often a 
more recent Fedora release includes newer upstream software that fixes 
bugs or makes them obsolete.

The process we are following is described here: 
http://fedoraproject.org/wiki/BugZappers/HouseKeeping

--- Additional comment from fedora-triage-list on 2009-11-18 03:13:38 EST ---


This message is a reminder that Fedora 10 is nearing its end of life.
Approximately 30 (thirty) days from now Fedora will stop maintaining
and issuing updates for Fedora 10.  It is Fedora's policy to close all
bug reports from releases that are no longer maintained.  At that time
this bug will be closed as WONTFIX if it remains open with a Fedora 
'version' of '10'.


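The corruption in the transcript above comes from writing an unchecked value into a colon-delimited record. The following is an added example, not code from the report or from libuser: a pre-write check of the kind the -A/-M/-n/-p values need, plus a small auditor that flags records in /etc/group or /etc/gshadow that no longer parse. The sample records are constructed from the values shown in the transcript.

```python
# Constructed sample records mirroring the report: the healthy entries
# before the rename and the corrupted ones that lgroupmod left behind.
SAMPLE_GROUP = "root:x:0:\npoorgroup:x:502:\npoor:x:x:502:\n"
SAMPLE_GSHADOW = "poorgroup:!!::\npoor:!!:!!::\n"


def field_is_safe(value, list_valued=False):
    """Pre-write check for a value destined for a colon-delimited record.
    A ':' would split the field, a newline would split the record, and in
    a comma-separated list field (-A/-M) a ',' would split the list."""
    forbidden = ":\n\0" + ("," if list_valued else "")
    return not any(ch in value for ch in forbidden)


def parse_record(line, nfields):
    """Split one record and check its shape. nfields is 4 for both
    /etc/group (name:passwd:gid:members) and /etc/gshadow
    (name:passwd:admins:members). Raises ValueError if malformed."""
    fields = line.split(":")
    if len(fields) != nfields:
        raise ValueError("expected %d fields, got %d" % (nfields, len(fields)))
    if not fields[0] or not field_is_safe(fields[0]):
        raise ValueError("empty or unsafe name %r" % fields[0])
    return fields


def audit(text, nfields=4, gid_index=None):
    """Return [(lineno, problem)] for every malformed record in text.
    gid_index names the field that must be numeric (2 for /etc/group);
    the extra ':' that the rename introduced shows up as a 5-field record."""
    problems = []
    for n, line in enumerate(text.splitlines(), 1):
        if not line or line.startswith("#"):
            continue
        try:
            fields = parse_record(line, nfields)
            if gid_index is not None and not fields[gid_index].isdigit():
                raise ValueError("non-numeric GID %r" % fields[gid_index])
        except ValueError as exc:
            problems.append((n, str(exc)))
    return problems


if __name__ == "__main__":
    print("poor:group accepted by pre-write check:", field_is_safe("poor:group"))
    print("/etc/group problems:", audit(SAMPLE_GROUP, gid_index=2))
    print("/etc/gshadow problems:", audit(SAMPLE_GSHADOW))
```

Run against a live system the auditor reads /etc/group and /etc/gshadow with nfields=4, so an entry split by a stray ':' is reported even when the name itself still looks valid.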
Comment 1 Miroslav Vadkerti 2010-10-25 09:36:24 UTC
RHEL5 package: libuser-0.54.7-2.1.el5_4.1

Comment 2 RHEL Program Management 2011-01-11 21:08:31 UTC
This request was evaluated by Red Hat Product Management for
inclusion in the current release of Red Hat Enterprise Linux.
Because the affected component is not scheduled to be updated in the
current release, Red Hat is unfortunately unable to address this
request at this time. Red Hat invites you to ask your support
representative to propose this request, if appropriate and relevant,
in the next release of Red Hat Enterprise Linux.

Comment 3 RHEL Program Management 2011-01-11 22:57:56 UTC
This request was erroneously denied for the current release of
Red Hat Enterprise Linux.  The error has been fixed and this
request has been re-proposed for the current release.

Comment 4 RHEL Program Management 2011-05-31 13:44:39 UTC

Comment 5 RHEL Program Management 2011-09-23 00:19:21 UTC

Comment 6 RHEL Program Management 2012-06-12 01:09:07 UTC

Comment 7 Miloslav Trmač 2013-10-31 19:01:10 UTC
This Bugzilla has been reviewed by Red Hat and is not planned on being addressed in Red Hat Enterprise Linux 5, and therefore will be closed. If this bug is critical to production systems, please contact your Red Hat support representative and provide sufficient business justification. Issue is already fixed in RHEL-6/7.