[Pkg-shadow-devel] Bug#394182: cppw: copies to /etc/passwd even with -s switch

C. Chad Wallace cwallace at lodgingcompany.com
Thu Oct 19 23:05:30 UTC 2006 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Package: passwd
Version: 1:4.0.18.1-3
Severity: grave
Justification: causes data loss

Since some time after sarge, the cppw program does not recognize the -s
switch.  When -s is given, it is supposed to copy the file to /etc/shadow,
but instead it copies it to /etc/passwd, effectively disabling ALL logins.

I've looked at the code (in debian/patches/401_cppw_src.dpatch), and
noticed it is checking for the obsolete symbol SHADOWPWD before checking
for the -s switch.  Since that symbol doesn't exist (The Changelog says it
has been removed), it goes ahead and copies the file over /etc/passwd
instead of /etc/shadow.

- -- System Information:
Debian Release: testing/unstable
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: i386 (i686)
Shell:  /bin/sh linked to /bin/bash
Kernel: Linux 2.6.17-2-k7
Locale: LANG=en_CA, LC_CTYPE=en_CA (charmap=ISO-8859-1)

Versions of packages passwd depends on:
ii  debianutils                 2.17.3       Miscellaneous utilities specific t
ii  libc6                       2.3.6.ds1-6  GNU C Library: Shared libraries
ii  libpam-modules              0.79-3.2     Pluggable Authentication Modules f
ii  libpam0g                    0.79-3.2     Pluggable Authentication Modules l
ii  libselinux1                 1.30.28-2    SELinux shared libraries
ii  login                       1:4.0.18.1-3 system login tools

passwd recommends no packages.

- -- debconf information:
  passwd/password-mismatch:
  passwd/username:
  passwd/password-empty:
  passwd/make-user: true
  passwd/md5: false
  passwd/title:
  passwd/user-uid:
  passwd/shadow: true
  passwd/username-bad:
  passwd/user-fullname:

- --

C. Chad Wallace, B.Sc.
The Lodging Company
http://www.skihills.com/
OpenPGP Public Key ID: 0x262208A0


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFFOAS6KeSNHCYiCKARAh4ZAJ9gs6b6aACsvZ+DIFYgKUocDKeT2ACghJm+
C20HmFvOGrccYTzlchiGeKs=
=GRyE
-----END PGP SIGNATURE-----

More information about the Pkg-shadow-devel mailing list