From: "Michael Ross"
To: "Matthew Pherigo", "Rick Miller"
Cc: FreeBSD Users
Subject: Re: 'pw usermod -G' not removing user from group?
Date: Thu, 26 Mar 2015 17:48:29 +0100

On Thu, 26 Mar 2015 16:37:11 +0100, Rick Miller wrote:

> On Thu, Mar 26, 2015 at 10:24 AM, Matthew Pherigo wrote:
>
>> Thanks for your email, Rick. While I understand the necessity of the
>> security-patch-only limitation, I would argue that this issue actually
>> IS a security risk, like so:
>>
>> Case 1: admin needs to add a user to a group. This works correctly.
>> Case 2: admin needs to remove a user from a group. This doesn't work,
>> but since the admin has just shown that he doesn't need or want this
>> user to be part of the group, he won't attempt to access those group
>> resources by the user unless he is explicitly testing it. I only
>> noticed this bug because Salt had a test case for it.
>> Case 3: admin needs to remove one group and add another. The new group
>> is added correctly, but the old group is not removed. It's much more
>> likely that the addition will be noticed while the failed removal will
>> not.
>>
>> I would argue that this is much more dangerous than the opposite
>> (addition of groups failing but removal of groups succeeding), as
>> giving an account too much privilege is a security risk while an
>> account not having enough privilege is simply an inconvenience.
>
> Just a quick nitpick... on mailing lists where threads can often be
> very lengthy it is generally accepted that inline posting is preferred
> to top-posting. This practice helps to maintain the readability of a
> thread.
>
> That said, after closer inspection, the behavior you described is not
> identical to the behavior described and illustrated in the PR
> referenced. Chalk it up to me not reading your post closely enough. My
> apologies. PR187189 specifically addresses duplicate groups with
> differing IDs where the behavior you're experiencing, while similar,
> does not include duplicate groups.
>
> You may consider opening a PR for this if one is not already open.

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=185666 dated 2014/01/11, patched 2014/10/28 and 2014/11/04
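The failure mode Matthew describes (a group removal that silently does nothing, leaving the account with more privilege than intended) is easy to catch with a post-change check. The script below is an added example, not part of this thread or of FreeBSD's pw(8): it parses text in group(5) format and reports every group a user still holds beyond the intended set. The sample group data, and the names `SAMPLE_GROUP`, `groups_of` and `extra_groups`, are constructed for this example.

```shell
#!/bin/sh
# Constructed sample in /etc/group format, standing in for the real file.
# It models case 3 from the thread: "alice" was meant to move from
# "oldteam" to "newteam", the addition happened, the removal did not.
SAMPLE_GROUP='wheel:*:0:root,alice
oldteam:*:1001:alice,bob
newteam:*:1002:alice
staff:*:20:bob
users:*:100:'

# groups_of USER CONTENT
#   prints the names of every group in CONTENT whose member list holds USER
groups_of() {
    printf '%s\n' "$2" | awk -F: -v u="$1" '
        { n = split($4, m, ",")           # 4th field: comma-separated members
          for (i = 1; i <= n; i++) if (m[i] == u) printf "%s ", $1 }'
}

# extra_groups USER EXPECTED CONTENT
#   EXPECTED is a space-separated list of the groups USER is supposed to be in;
#   prints the groups USER actually holds that are not in that list.
extra_groups() {
    user=$1; expected=$2; content=$3
    out=""
    for g in $(groups_of "$user" "$content"); do
        case " $expected " in
            *" $g "*) ;;                  # intended membership, fine
            *) out="$out$g " ;;           # leftover privilege: removal failed
        esac
    done
    printf '%s' "${out% }"
}

# Demonstration on the sample: alice should only be in wheel and newteam.
leftover=$(extra_groups alice 'wheel newteam' "$SAMPLE_GROUP")
if [ -n "$leftover" ]; then
    echo "alice still holds unintended group(s): $leftover"
fi
```

On a real host, feed `extra_groups` the output of `cat /etc/group` (or `getent group`) right after the `pw usermod -G` call, and treat any non-empty result as a failed change rather than trusting the command's exit status.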