Bug 813394 - lusermod/luseradd can corrupt the format of /etc/passwd
lusermod/luseradd can corrupt the format of /etc/passwd
Product: Red Hat Enterprise Linux 6
Classification: Red Hat
Component: libuser (Show other bugs)
All Linux
medium Severity medium
: beta
: ---
Assigned To: Miloslav Trmač
BaseOS QE Security Team
Depends On:
  Show dependency treegraph
Reported: 2012-04-17 12:06 EDT by Miroslav Vadkerti
Modified: 2012-04-18 04:14 EDT (History)
1 user (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2012-04-18 04:14:51 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

  None (edit)
Comment 1 Miloslav Trmač 2012-04-18 04:14:51 EDT
Thanks for your report.

In general:

The last field on the line is special: adding colons to it does not add any field splitting ambiguity.  libuser therefore explicitly allows ':' in the last field.

glibc's parsers do not recognize the ':' as a separator in that case (in particular, you can have a ':' in user's shell).  On the other hand, shadow-utils's parsers do recognize the ':' as terminating even the last field on the line, so the situation is ambiguous.

Therefore, libuser will always differ from one of glibc and shadow-utils.

Given that the field splitting does not have any security impact, and the file format is not really strictly defined, I think leaving the existing code is fine.  We can't promise that it will work, but we don't have a really good reason to prohibit it, either.

In this specific case:
As mentioned above, glibc will parse those lines as an user with shell "a:b" and "c:d", respectively.  

Please reopen this if I have overlooked a reason to prohibit the ':' in the last field.

Note You need to log in before you can comment on or make changes to this bug.