[From nobody Thu Apr  2 19:25:05 2026
Received: (at submit) by bugs.debian.org; 1 Apr 2026 20:40:04 +0000
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
From: Aurelien Jarno <aurel32@debian.org>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: uidmap: getsubids looks up /etc/subgid by gid instead of uid when
 using numerical values
Message-ID: <177507600116.1068162.11100520066527675039.reportbug@ohm.local>
X-Mailer: reportbug 13.2.0
Date: Wed, 01 Apr 2026 22:40:01 +0200
X-Debian-User: aurel32
Delivered-To: submit@bugs.debian.org

Package: uidmap
Version: 1:4.18.0-2
Severity: important
Tags: patch
X-Debbugs-Cc: dsa@debian.org, wb-team@buildd.debian.org, sbuild@packages.debian.org
Control: affects -1 sbuild

Hi,

Since version 0.91.6, sbuild started to use getsubids to parse
/etc/subgid [1]. The format of this file is supposed to be [2]:

  login name or UID : numerical subordinate group ID : numerical subordinate group ID count

Unfortunately getsubids parses it as login name or *GID*. This breaks
when this file contains a UID and when UID != GID:

$ id buildd
uid=2952(buildd) gid=1009(buildd) groupes=1009(buildd),115(sbuild)
$ grep 2952 /etc/subgid 
2952:193462272:65536
$ getsubids -g buildd
Error fetching ranges

Fortunately it seems that newgidmap parses the file correctly, so this
is not a security issue.

The following untested patch should fix the issue (which means that
get_owner_id() can be simplified, as this is the only caller):

--- shadow-4.19.3.orig/lib/subordinateio.c
+++ shadow-4.19.3/lib/subordinateio.c
@@ -908,7 +908,7 @@ int list_owner_ranges(const char *owner,
 		return -1;
 	}
 
-	have_owner_id = get_owner_id(owner, id_type, id);
+	have_owner_id = get_owner_id(owner, ID_TYPE_UID, id);
 
 	commonio_rewind(db);
 	while (NULL != (range = commonio_next(db))) {
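
Review bot: the hard-coded ID_TYPE_UID at the changed get_owner_id() call in list_owner_ranges() should carry a short comment stating that the owner field of /etc/subgid is a login name or UID, not a GID; without it the constant reads like a mistake next to the id_type it replaces and is easy to revert. The hunk is against shadow-4.19.3 while the report is filed against 1:4.18.0-2 and the patch is described as untested, so it should be checked against the packaged source and exercised with a numeric /etc/subgid owner whose UID differs from the GID (the 2952/1009 case shown above).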

Regards
Aurelien

[1] https://salsa.debian.org/debian/sbuild/-/commit/590c06cd5a76b6758606cc30fea075816edda468
[2] https://manpages.debian.org/unstable/passwd/subgid.5.en.html
]
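
An added example, not part of the original report and not code from shadow or sbuild: a small audit that lists accounts whose /etc/subgid ranges are found when the owner field is matched by UID (the documented format) but not when it is matched by GID (the reported getsubids behaviour). Modelling the faulty lookup as a comparison against the account's primary GID is an assumption, and the sample passwd and subgid lines are constructed to mirror the report.

```python
from typing import NamedTuple

class Account(NamedTuple):
    name: str
    uid: int
    gid: int

# Constructed sample data: buildd has uid 2952 and primary gid 1009, as in the report.
PASSWD = ["root:x:0:0:root:/root:/bin/bash",
          "buildd:x:2952:1009:buildd:/var/lib/buildd:/bin/sh",
          "alice:x:1000:1000::/home/alice:/bin/bash"]
SUBGID = ["# constructed example", "2952:193462272:65536", "alice:100000:65536"]

def parse_passwd(lines):
    """Map login name -> Account from passwd-format lines."""
    accounts = {}
    for line in lines:
        f = line.split(":")
        if len(f) >= 4 and f[2].isdigit() and f[3].isdigit():
            accounts[f[0]] = Account(f[0], int(f[2]), int(f[3]))
    return accounts

def parse_subid(lines):
    """Yield (owner, start, count) from subuid/subgid-format lines."""
    for line in lines:
        f = line.strip().split(":")
        if len(f) == 3 and f[1].isdigit() and f[2].isdigit():
            yield f[0], int(f[1]), int(f[2])

def ranges_for(account, entries, numeric_id):
    """Ranges whose owner field is the login name or the given numeric id."""
    return [(s, c) for o, s, c in entries
            if o == account.name or o == str(numeric_id)]

def affected_accounts(passwd_lines, subgid_lines):
    """Accounts for which UID-based and GID-based owner matching disagree."""
    entries = list(parse_subid(subgid_lines))
    hits = []
    for acct in parse_passwd(passwd_lines).values():
        by_uid = ranges_for(acct, entries, acct.uid)   # documented lookup
        by_gid = ranges_for(acct, entries, acct.gid)   # assumed faulty lookup
        if by_uid != by_gid:
            hits.append((acct.name, by_uid, by_gid))
    return hits

if __name__ == "__main__":
    for name, by_uid, by_gid in affected_accounts(PASSWD, SUBGID):
        print(f"{name}: by UID {by_uid}, by GID {by_gid}")
```

To check a real host, pass the lines of /etc/passwd and /etc/subgid instead of the constructed lists; accounts that exist only in NSS sources other than the passwd file are not covered.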