747317 – yppasswdd returns success when /etc/passwd.adjunct is not writable

Bug 747317 - yppasswdd returns success when /etc/passwd.adjunct is not writable

Summary: yppasswdd returns success when /etc/passwd.adjunct is not writable

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	Red Hat Enterprise Linux 5
Classification:	Red Hat
Component:	ypserv
Sub Component:
Version:	5.8
Hardware:	Unspecified
OS:	Unspecified
Priority:	unspecified
Severity:	unspecified
Target Milestone:	rc
Target Release:	---
Assignee:	Honza Horak
QA Contact:	Petr Sklenar
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:	747334 747335
TreeView+	depends on / blocked

Reported:	2011-10-19 13:25 UTC by Honza Horak
Modified:	2012-02-21 05:53 UTC (History)
CC List:	3 users (show)
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Clones:	747334 747335 (view as bug list)
Environment:
Last Closed:	2012-02-21 05:53:50 UTC
Target Upstream Version:
Embargoed:
Dependent Products:

Attachments	(Terms of Use)
proposed patch that reports failure when rename() fails (1.28 KB, patch) 2011-10-19 14:14 UTC, Honza Horak	no flags	Details \| Diff
View All

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Red Hat Product Errata	RHBA-2012:0205	0	normal	SHIPPED_LIVE	ypserv bug fix and enhancement update	2012-02-20 14:53:39 UTC

Description Honza Horak 2011-10-19 13:25:09 UTC

Description of problem:
If rpc.yppasswdd cannot write into /etc/passwd.adjunct (or /etc/shadow in standard configuration) because of wrong SELinux context, rpc.yppasswdd still reports success, which is wrong.

Version-Release number of selected component (if applicable):
ypserv-2.19-8.el5

How reproducible:
every-time

Steps to Reproduce:
1. change context of /etc/shadow or /etc/passwd.adjunct to wrong one
# chcon -t etc_t /etc/passwd.adjunct
2. try to change password of a user using yppasswd
3. /etc/passwd.adjunct is not updated and a message "Cannot create backup file /etc/passwd.adjunct.OLD: Permission denied" is logged into /var/log/messages
  
Actual results:
yppasswd returns success, so as rpc.yppasswdd in /var/log/messages

Expected results:
yppasswd returns failure, so as rpc.yppasswdd in /var/log/messages

Comment 1 Honza Horak 2011-10-19 14:14:06 UTC

Created attachment 529012 [details]
proposed patch that reports failure when rename() fails

Comment 2 Honza Horak 2011-10-25 08:00:00 UTC

Just a note that this bug is easy to test with only slightly modified /CoreOS/ypserv/Regression/rfe-yppasswdd-support-passwd-adjunct.

Comment 4 Honza Horak 2011-10-25 13:50:35 UTC

Committed to CVS, moving to modified. 
http://post-office.corp.redhat.com/archives/cvs-commits-list/2011-October/msg05734.html

Comment 7 errata-xmlrpc 2012-02-21 05:53:50 UTC

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHBA-2012-0205.html

Note You need to log in before you can comment on or make changes to this bug.