Bug 646386 - lnewusers can corrupt /etc/passwd
Summary: lnewusers can corrupt /etc/passwd
Keywords:
Status: CLOSED NOTABUG
Alias: None
Product: Red Hat Enterprise Linux 5
Classification: Red Hat
Component: libuser
Version: 5.6
Hardware: All
OS: Linux
medium
medium
Target Milestone: rc
Assignee: Miloslav Trmač
QA Contact: BaseOS QE Security Team
URL:
Whiteboard:
Depends On: 454892
Blocks:
Reported: 2010-10-25 09:44 UTC by Miroslav Vadkerti
Modified: 2010-10-25 17:48 UTC (History)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of: 454892
Environment:
Last Closed: 2010-10-25 17:48:03 UTC
Target Upstream Version:
Embargoed:



Description Miroslav Vadkerti 2010-10-25 09:44:02 UTC
+++ This bug was initially created as a clone of Bug #454892 +++

From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.1.15) Gecko/20080702 Fedora/2.0.0.15-1.fc8 Firefox/2.0.0.15

Description of problem:
lnewusers doesn't check the input line if it contains too many ':' characters

Version-Release number of selected component (if applicable):
libuser-0.56.6-2

How reproducible:
Always


Steps to Reproduce:
1. lnewusers
2. write the following string, press Enter, press CTRL+D
testuser:password:543:543:test:user:/home/testuser:/bin/bash
3. you should see an error message like this:
Error creating home directory for testuser: couldn't determine security context for `user': No such file or directory
4. grep testuser /etc/passwd
testuser:x:543:543:test:user:/home/testuser:/bin/bash:/bin/bash

Actual Results:
lnewusers accepts line with too many ':' characters

Expected Results:
lnewusers rejects line with too many ':' characters

Additional info:

--- Additional comment from mmalik on 2008-07-16 09:19:59 EDT ---

RHTS test for this bug is available
(/CoreOS/libuser/Regression/bz454892-lnewusers-corrupt-etc-passwd).

--- Additional comment from mitr on 2008-07-23 09:42:05 EDT ---

Thanks for your report.

I believe this is actually correct behavior: libc's getpwent() doesn't reject
pw_shell values that contain ':', only the first 6 ':' characters serve as field
separators.

It's somewhat counter-intuitive, but it is in principle possible that somebody's
shell path contains a ':', and lnewusers should not reject lines that come from
a working /etc/passwd.

Comment 1 Miloslav Trmač 2010-10-25 17:48:03 UTC
See above:

> I believe this is actually correct behavior: libc's getpwent() doesn't reject
> pw_shell values that contain ':', only the first 6 ':' characters serve as
> field separators.

> It's somewhat counter-intuitive, but it is in principle possible that somebody's
> shell path contains a ':', and lnewusers should not reject lines that come from
> a working /etc/passwd.
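
The splitting rule from the reply above (only the first 6 ':' characters separate fields), applied to the input line from the steps to reproduce, as an added example that is not part of this bug thread or of libuser's code. The names `split_passwd_line`, `lint_passwd_fields` and the `LINT_*` flags are hypothetical; the lint shows a pre-flight check for batch input that warns about, rather than rejects, a shell containing ':'.

```c
#include <stdio.h>
#include <string.h>

/* Fields of one passwd(5) line, in file order. */
enum { PW_NAME, PW_PASSWD, PW_UID, PW_GID, PW_GECOS, PW_DIR, PW_SHELL, PW_NFIELDS };

#define LINT_HOME_NOT_ABSOLUTE 1  /* pw_dir does not start with '/' */
#define LINT_SHELL_HAS_COLON   2  /* legal, but often a sign of a stray field */

/* Split `line` in place: only the first 6 ':' are separators, so anything
 * after the sixth colon, further colons included, is the shell field.
 * Returns 0 on success, -1 if the line has fewer than 7 fields. */
int split_passwd_line(char *line, char *f[PW_NFIELDS])
{
    line[strcspn(line, "\n")] = '\0';
    for (int i = 0; i < PW_NFIELDS - 1; i++) {
        char *colon = strchr(line, ':');
        if (colon == NULL)
            return -1;
        *colon = '\0';
        f[i] = line;
        line = colon + 1;
    }
    f[PW_SHELL] = line;
    return 0;
}

/* Pre-flight check for a batch file: returns a bit mask of LINT_* findings. */
int lint_passwd_fields(char *const f[PW_NFIELDS])
{
    int findings = 0;
    if (f[PW_DIR][0] != '/')
        findings |= LINT_HOME_NOT_ABSOLUTE;
    if (strchr(f[PW_SHELL], ':') != NULL)
        findings |= LINT_SHELL_HAS_COLON;
    return findings;
}

int main(void)
{
    /* The input line from the report's steps to reproduce. */
    char line[] = "testuser:password:543:543:test:user:/home/testuser:/bin/bash\n";
    char *f[PW_NFIELDS];
    if (split_passwd_line(line, f) != 0)
        return 1;
    printf("dir=%s shell=%s findings=%d\n", f[PW_DIR], f[PW_SHELL], lint_passwd_fields(f));
    return 0;
}
```

For the reported line the home directory field comes out as `user`, the name that appears in the error message in step 3, and the shell field as `/home/testuser:/bin/bash`.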

