[Pkg-shadow-devel] Bug#242407: marked as done ([POST-SARGE] [ALEXANDER] vipw race condition)

Debian Bug Tracking System owner@bugs.debian.org
Sun, 08 May 2005 13:03:08 -0700


Your message dated Sun, 08 May 2005 15:49:21 -0400
with message-id <E1DUrmD-00075J-00@newraff.debian.org>
and subject line Bug#242407: fixed in shadow 1:4.0.3-33
has caused the attached Bug report to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere.  Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)

--------------------------------------
Received: (at submit) by bugs.debian.org; 6 Apr 2004 15:12:01 +0000
>From docelic@mail.inet.hr Tue Apr 06 08:12:01 2004
Return-path: <docelic@mail.inet.hr>
Received: from mxout2.iskon.hr [213.191.128.16] (qmailr)
	by spohr.debian.org with smtp (Exim 3.35 1 (Debian))
	id 1BAsF7-0006Ru-00; Tue, 06 Apr 2004 08:12:01 -0700
Received: (qmail 15431 invoked from network); 6 Apr 2004 17:11:58 +0200
X-Remote-IP: 213.191.128.12
Received: from mx.iskon.hr (qmailr@213.191.128.12)
  by mxout2.iskon.hr with SMTP; 6 Apr 2004 17:11:58 +0200
Received: (qmail 15292 invoked from network); 6 Apr 2004 17:11:58 +0200
X-Remote-IP: 213.202.64.98
Received: from ri01-097.dialin.iskon.hr (HELO ?192.168.7.3?) (213.202.64.98)
  by mx.iskon.hr with SMTP; 6 Apr 2004 17:11:58 +0200
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
From: Davor Ocelic <docelic@mail.inet.hr>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: vipw race condition
Bcc: Davor Ocelic <docelic@mail.inet.hr>
X-Mailer: reportbug 2.56
Date: Tue, 06 Apr 2004 16:15:07 +0200
Message-Id: <E1BAsF7-0006Ru-00@spohr.debian.org>
Delivered-To: submit@bugs.debian.org
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2004_03_25 
	(1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Status: No, hits=-7.0 required=4.0 tests=BAYES_00,HAS_PACKAGE 
	autolearn=no version=2.60-bugs.debian.org_2004_03_25
X-Spam-Level: 
X-CrossAssassin-Scores: 1

Package: passwd
Version: 1:4.0.3-26
Severity: normal

Hi,

There is a race condition present in the vipw command.

Suppose we run two instances of vipw, I1 and I2. I1 opens first, and I2 blocks
until I1 finishes editing and releases the lock. However, I1 releases the lock
*before* deleting its /etc/passwd.edit, so eventually it ends up deleting
/etc/passwd.edit which I2 prepared for itself inbetween I1's lock release and
unlink() call.

The result is that I2 opens the editor, but instead of seeing the passwd file
contents, you see an empty file; and if you save the changes on exit, your
password file gets truncated.

The problem is easily verifiable:
I1: nice -n 20 vipw
I2: vipw

The following bit from strace output helps (notice I1 and I2):
12:08:18.224300 I2 open("/etc/.pwd.lock", O_WRONLY|O_CREAT, 0600) = 3
12:08:18.224586 I2 fcntl64(3, F_SETLKW, {type=F_WRLCK, ...
12:08:21.717621 I1 --- SIGCHLD (Child exited) ---
12:08:21.717791 I1 unlink("/etc/passwd.lock") = 0
12:08:21.717882 I1 close(3)                = 0
12:08:21.718747 I2 open("/etc/passwd.edit", O_WRONLY|O_CREAT|O_TRUNC, 0666) = 5
12:08:21.719431 I2 close(5)                = 0
12:08:21.719665 I2 fork()                  = 907
12:08:21.724538 I2 waitpid(907, [WIFEXITED(s) && WEXITSTATUS(s)...
12:08:21.724635 I1 unlink("/etc/passwd.edit") = 0       <<###########
12:08:21.725306 I1 _exit(0)                = ?
12:08:24.160115 I2 --- SIGCHLD (Child exited) ---
12:08:24.160178 I2 stat64("/etc/passwd.edit", 0xbffff39c) = -1 ENOENT (No such file or directory)

Thanks #debian-devel for verifying, and ajt for 'strace -tt' suggestion.

-docelic

---------------------------------------
Received: (at 242407-close) by bugs.debian.org; 8 May 2005 19:53:02 +0000
>From katie@ftp-master.debian.org Sun May 08 12:53:02 2005
Return-path: <katie@ftp-master.debian.org>
Received: from newraff.debian.org [208.185.25.31] (mail)
	by spohr.debian.org with esmtp (Exim 3.35 1 (Debian))
	id 1DUrpl-00010u-00; Sun, 08 May 2005 12:53:02 -0700
Received: from katie by newraff.debian.org with local (Exim 3.35 1 (Debian))
	id 1DUrmD-00075J-00; Sun, 08 May 2005 15:49:21 -0400
From: Christian Perrier <bubulle@debian.org>
To: 242407-close@bugs.debian.org
X-Katie: $Revision: 1.55 $
Subject: Bug#242407: fixed in shadow 1:4.0.3-33
Message-Id: <E1DUrmD-00075J-00@newraff.debian.org>
Sender: Archive Administrator <katie@ftp-master.debian.org>
Date: Sun, 08 May 2005 15:49:21 -0400
Delivered-To: 242407-close@bugs.debian.org
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02 
	(1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Status: No, hits=-6.0 required=4.0 tests=BAYES_00,HAS_BUG_NUMBER 
	autolearn=no version=2.60-bugs.debian.org_2005_01_02
X-Spam-Level: 
X-CrossAssassin-Score: 6

Source: shadow
Source-Version: 1:4.0.3-33

We believe that the bug you reported is fixed in the latest version of
shadow, which is due to be installed in the Debian FTP archive:

login_4.0.3-33_i386.deb
  to pool/main/s/shadow/login_4.0.3-33_i386.deb
passwd_4.0.3-33_i386.deb
  to pool/main/s/shadow/passwd_4.0.3-33_i386.deb
shadow_4.0.3-33.diff.gz
  to pool/main/s/shadow/shadow_4.0.3-33.diff.gz
shadow_4.0.3-33.dsc
  to pool/main/s/shadow/shadow_4.0.3-33.dsc



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 242407@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Christian Perrier <bubulle@debian.org> (supplier of updated shadow package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Sun,  8 May 2005 14:32:20 +0200
Source: shadow
Binary: login passwd
Architecture: source i386
Version: 1:4.0.3-33
Distribution: unstable
Urgency: low
Maintainer: Shadow package maintainers <pkg-shadow-devel@lists.alioth.debian.org>
Changed-By: Christian Perrier <bubulle@debian.org>
Description: 
 login      - system login tools
 passwd     - change and administer password and group data
Closes: 162241 193869 242407 249611 302740 304447 304542 308019 308145
Changes: 
 shadow (1:4.0.3-33) unstable; urgency=low
 .
   * The "Don't believe lintian blindly" release
   * Urgency left to low because RC bug fixed but we leave priority
     to sarge-targeted work
   * Debian packaging fixes:
     - Remove CVS id tag from the supplied login.defs file
       Closes: #308019
     - revert dependency on debconf which would make it required
       Closes: #308145
     - Add the missing add-shell, remove-shell, cppw and cpgr
       (Debian specific) man pages
       Closes: #162241
     - make lintian ignore warnings about missing debconf dependency
       in passwd.lintian-overrides
   * Debian specific programs fixes:
     - NONE
   * Upstream bugs not already fixed in upstream releases or CVS:
     - NONE
   * Upstream bugs already fixed in upstream releases or CVS:
     - 313_pam_access_with_preauth:
       - allow PAM account authorization when preauthenticated
         Closes: #193869
     - 314_passwd.1_formatting:
       - minor formatting fixes of passwd(1) man page
         Closes: #304447
     - 315_chage.1_document_expiration_removal:
       - document expiration removal in chage(1)
         Closes: #304542
     - 316_vipw-race-242407:
       - make vipw to remove /etc/{passwd|shadow|group|gshadow}.edit
         and only then unlock
         Closes: #242407
     - 317_lastlog_usage_249611:
       - Fix the lastlog usage and all the translations accordingly
         (--user instead of --login).
         Closes: #249611
     - 323_passwd.1-typo:
       - correct a typo in passwd(1) man page. Closes: #302740
Files: 
 cb9f4fd9d99b1e684b43e8b4f3d04afe 833 base required shadow_4.0.3-33.dsc
 501eea6ea223e6cf73e09aaa83af1049 961469 base required shadow_4.0.3-33.diff.gz
 3616fe7a3c1d20f60c1f27413276356e 531960 base required passwd_4.0.3-33_i386.deb
 267ed226b1587d9a3d99774a70fba64f 576422 base required login_4.0.3-33_i386.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.0 (GNU/Linux)

iD8DBQFCfmTK1OXtrMAUPS0RAjI8AJ43gUKILtpA7WhQG6ZVqv1mmOj57gCfX5PI
cNeXFwWPhMwEunNC8+Xsi2I=
=TNeQ
-----END PGP SIGNATURE-----