Bug 77646 - passwd falsely reports successful change when /etc/shadow is immutable
Summary: passwd falsely reports successful change when /etc/shadow is immutable
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 3
Classification: Red Hat
Component: pam
Version: 3.0
Hardware: i686
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Tomas Mraz
QA Contact:
URL:
Whiteboard:
: 136369 (view as bug list)
Depends On:
Blocks: 132991
TreeView+ depends on / blocked
 
Reported: 2002-11-11 12:32 UTC by Bas Meijer
Modified: 2007-11-30 22:06 UTC (History)
1 user (show)

Fixed In Version: RHBA-2005-091
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2005-04-28 15:39:35 UTC
Target Upstream Version:


Attachments (Terms of Use)


Links
System ID Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2005:062 normal SHIPPED_LIVE pam bug fix update 2005-05-18 04:00:00 UTC
Red Hat Product Errata RHBA-2005:064 low SHIPPED_LIVE pam bug fix update 2005-04-28 04:00:00 UTC
Red Hat Product Errata RHBA-2005:091 normal SHIPPED_LIVE pam bug fix update 2005-06-08 04:00:00 UTC

Description Bas Meijer 2002-11-11 12:32:17 UTC
From Bugzilla Helper:
User-Agent: Mozilla/4.78 [en] (X11; U; Linux 2.4.9-21 i686)

Description of problem:
when /etc/shadow has immutable bit changing password reports success,
while actually the old password is still in effect.

Version-Release number of selected component (if applicable):


How reproducible:
Always

Steps to Reproduce:
1. # chattr +i /etc/shadow
2. $ passwd
3.Changing password for user
(current) UNIX password:
New UNIX password:
Retype new UNIX password:
passwd: all authentication tokens updated successfully
	

Actual Results:  -rw-------    1 root     root         1186 Aug  2 10:47
/etc/shadow

It is now Mon Nov 11 13:28:28 CET 2002, so shadow is not updated.

Expected Results:  shadow file is immutable, passwd should report failure.

Additional info:

passwd-0.64.1-4

Comment 1 Bas Meijer 2004-10-14 23:14:59 UTC
Almost 2 years for a security related bug in RedHat Linux???

Comment 2 Tomas Mraz 2004-11-10 11:02:03 UTC
Taking.

Comment 3 Jindrich Novy 2004-11-10 11:08:54 UTC
Tomas, I think the pam_unix_passwd.c should be responsible for that.

Comment 4 Tomas Mraz 2004-11-11 14:38:03 UTC
Fixed in rawhide.


Comment 5 Tomas Mraz 2004-11-16 13:34:21 UTC
*** Bug 136369 has been marked as a duplicate of this bug. ***

Comment 6 Tomas Mraz 2004-12-15 10:38:40 UTC
Reopening as I want to fix that for RHEL3 too.

Comment 8 Bas Meijer 2005-01-05 20:46:51 UTC
This bug is still here

# rpm -q pam
pam-0.75-62
# cat /etc/redhat-release 
Red Hat Enterprise Linux ES release 3 (Taroon Update 4)

# chattr +i /etc/shadow
# lsattr shadow
----i-------- shadow
# ls -l shadow
-rw-------    1 root     root         1691 Jan  5 21:39 shadow
# passwd bas
Changing password for user bas.
New password: 
Retype new password: 
passwd: all authentication tokens updated successfully.
# tail -1 shadow
bas:$1$ezz3juFV$DPfWBCHMFbEQStj0Q4fRT/:12788:0:99999:7:::
# ls -l shadow
-rw-------    1 root     root         1691 Jan  5 21:39 shadow
# 
# chattr -i /etc/shadow
# passwd bas
Changing password for user bas.
New password: 
Retype new password: 
passwd: all authentication tokens updated successfully.
# 
# ls -l shadow
-rw-------    1 root     root         1691 Jan  5 21:42 shadow
# rpm -q pam
pam-0.75-62
# cat /etc/redhat-release 
Red Hat Enterprise Linux ES release 3 (Taroon Update 4)

Comment 9 John Flanagan 2005-04-28 15:39:35 UTC
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

http://rhn.redhat.com/errata/RHBA-2005-064.html


Comment 10 Tim Powers 2005-05-18 14:49:07 UTC
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

http://rhn.redhat.com/errata/RHBA-2005-062.html



Note You need to log in before you can comment on or make changes to this bug.