Skip site navigation (1)Skip section navigation (2) 
Date:      Thu,  8 Dec 2005 20:25:06 +0100
From:      "Björn König" <bkoenig@cs.tu-berlin.de>
To:        FreeBSD-gnats-submit@FreeBSD.org
Subject:   bin/90114: pw takes strings after option -g for GID 0
Message-ID:  <20051208192506.A9CDF508B5@eurystheus.local>
Resent-Message-ID: <200512081930.jB8JU3xV079368@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help 

>Number:         90114
>Category:       bin
>Synopsis:       pw takes strings after option -g for GID 0
>Confidential:   no
>Severity:       non-critical
>Priority:       medium
>Responsible:    freebsd-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          change-request
>Submitter-Id:   current-users
>Arrival-Date:   Thu Dec 08 19:30:02 GMT 2005
>Closed-Date:
>Last-Modified:
>Originator:     Björn König
>Release:        FreeBSD 6.0-RELEASE i386
>Organization:
>Environment:
>Description:
	pw assumes the group with the ID 0 if you specify a string mistakenly
	instead of a number in conjunction with option -g. This might be
	problematic because it is possible that you delete the group 'wheel'
	accidentally and silently.
	
	This issue has been discovered by Mars G. Miro (marsgmiro at gmail.com) 
>How-To-Repeat:
	Back up your /etc/group. ;)
	
	# pw groupshow -g wheel
	wheel:*:0:root
	
	# pw groupdel -g somestring
	
	# pw groupshow -g wheel
	pw: unknown group `wheel'
>Fix:
	The patch below checks the error value returned by atoi and
	aborts the current action if the user supplied an invalid GID.
	
	Note that pw still accepts erroneous values in certain cases,
	e.g. -g 0somestring.
	
--- pw-2005120801.diff begins here ---
--- src/usr.sbin/pw/pw_group.c.orig	Sun Jan 11 19:28:08 2004
+++ src/usr.sbin/pw/pw_group.c	Thu Dec  8 19:46:26 2005
@@ -93,8 +93,15 @@
 			a_name = NULL;
 		}
 	}
-	grp = (a_name != NULL) ? GETGRNAM(a_name->val) : GETGRGID((gid_t) atoi(a_gid->val));
 
+	if (a_name != NULL)
+		grp = GETGRNAM(a_name->val);
+	else {
+		grp = GETGRGID((gid_t) atoi(a_gid->val));
+		if (errno == EINVAL)
+			errx(EX_DATAERR, "invalid group id `%s'", a_gid->val);
+	}
+	
 	if (mode == M_UPDATE || mode == M_DELETE || mode == M_PRINT) {
 		if (a_name == NULL && grp == NULL)	/* Try harder */
 			grp = GETGRGID(atoi(a_gid->val));
--- pw-2005120801.diff ends here ---


>Release-Note:
>Audit-Trail:
>Unformatted:

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20051208192506.A9CDF508B5>