Message-Id: <200208162118.g7GLIPEm065417@www.freebsd.org>
Date: Fri, 16 Aug 2002 14:18:25 -0700 (PDT)
From: Branson Matheson
To: freebsd-gnats-submit@FreeBSD.org
X-Send-Pr-Version: www-1.0
Subject: bin/41721: pw_mkdb creates uid 0 accounts for improper UID
Sender: owner-freebsd-bugs@FreeBSD.ORG

>Number: 41721
>Category: bin
>Synopsis: pw_mkdb creates uid 0 accounts for improper UID
>Confidential: no
>Severity: critical
>Priority: high
>Responsible: freebsd-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Fri Aug 16 14:20:01 PDT 2002
>Closed-Date:
>Last-Modified:
>Originator: Branson Matheson
>Release: 4.6-STABLE
>Organization: Windborne Producitons, Inc
>Environment:
FreeBSD jane.inside 4.6-STABLE FreeBSD 4.6-STABLE #2: Tue Aug 6 13:41:03 EDT 2002 branson@jane.inside:/usr/obj/usr/src/sys/JANE i386
>Description:
When using vipw to create an account, if a letter is in the third field of the temporary password file (the UID field), when vipw exits and mk_pwdb runs against the resulting temporary file, the account is given uid 0. The same happens for the GID field.
>How-To-Repeat:
run vipw, add the following line:

    test:*:i123:20::0:0:Test User:/home/test:/sbin/nologin

exit

    root@jane # grep test /etc/passwd
    test:*:0:20:Test User:/home/test:/sbin/nologin

>Fix:
mk_pwdb needs to validate the format of the UID and GID fields and throw an exception if the field contains any /D type characters.
>Release-Note:
>Audit-Trail:
>Unformatted:
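
Added example, not part of the original report and not FreeBSD's own code: a C sketch of the UID/GID validation the Fix section asks for, next to a lenient conversion. It assumes the lenient path behaves like atoi(), which is consistent with the i123 -> 0 result in the report; lenient_id, strict_id and check_passwd_line are hypothetical names.

```c
#include <ctype.h>
#include <errno.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Lenient (assumed behaviour): atoi() returns 0 when the field does not
 * start with a digit, so "i123" silently becomes 0, i.e. root. */
static long lenient_id(const char *field) { return atoi(field); }

/* Strict: the field must be decimal digits only, with no sign, blanks or
 * trailing junk, and must fit in 32 bits. Returns 0 on success, -1 if not. */
static int strict_id(const char *field, unsigned long *out)
{
    char *end;
    unsigned long v;

    if (!isdigit((unsigned char)field[0]))
        return -1;                      /* "", "-1", " 5", "i123" */
    errno = 0;
    v = strtoul(field, &end, 10);
    if (errno == ERANGE || *end != '\0' || v > UINT_MAX)
        return -1;                      /* overflow, or junk such as "12x" */
    *out = v;
    return 0;
}

/* Validate the UID (3rd) and GID (4th) fields of a master.passwd-style line.
 * Returns 0 if both are well formed, -1 if the line must be rejected. */
static int check_passwd_line(const char *line, unsigned long *uid, unsigned long *gid)
{
    char buf[1024], *p = buf, *f[4];
    int i;

    if (strlen(line) >= sizeof(buf))
        return -1;
    strcpy(buf, line);
    for (i = 0; i < 4; i++) {           /* split off the first four fields */
        f[i] = p;
        if ((p = strchr(p, ':')) == NULL)
            return -1;                  /* too few fields */
        *p++ = '\0';
    }
    return (strict_id(f[2], uid) == 0 && strict_id(f[3], gid) == 0) ? 0 : -1;
}

int main(void)
{
    const char *bad = "test:*:i123:20::0:0:Test User:/home/test:/sbin/nologin";
    unsigned long uid = 0, gid = 0;     /* 'bad' is the line from the report */
    printf("lenient uid=%ld strict=%d\n", lenient_id("i123"), check_passwd_line(bad, &uid, &gid));
    return 0;
}
```

A rebuild step that uses the strict check should refuse the whole file on the first -1 rather than skip the entry, so a typo cannot leave the databases half updated.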