[Pkg-shadow-devel] Bug#470745: passwd: usermod loops and mem leaks
Thomas Rasmussen
rasmussen.thomas at gmail.com
Thu Mar 13 12:30:45 UTC 2008
Package: passwd
Version: 1:4.0.18.1-7
Severity: critical
Justification: breaks the whole system
If the /etc/gshadow file has been changed so that two otherwise non-identical groups appear with the same groupname, usermod will loop and use all memory on the system if called.
Reproducible by performing this:
# groupadd tr
# groupadd rtr
# useradd -g tr tr
# perl -pi -e 's/rtr/tr/g' /etc/gshadow
# usermod -G tr tr
<observe usermod using memory and proc time>
Tested and reproduced on latest (4.0r3) netinst iso image and updated with all packages.
-- System Information:
Debian Release: 4.0
APT prefers stable
APT policy: (500, 'stable')
Architecture: i386 (i686)
Shell: /bin/sh linked to /bin/bash
Kernel: Linux 2.6.18-6-686
Locale: LANG=en_DK.UTF-8, LC_CTYPE=en_DK.UTF-8 (charmap=UTF-8)
Versions of packages passwd depends on:
ii debianutils 2.17 Miscellaneous utilities specific t
ii libc6 2.3.6.ds1-13etch5 GNU C Library: Shared libraries
ii libpam-modules 0.79-5 Pluggable Authentication Modules f
ii libpam0g 0.79-5 Pluggable Authentication Modules l
ii libselinux1 1.32-3 SELinux shared libraries
ii login 1:4.0.18.1-7 system login tools
passwd recommends no packages.
-- debconf information:
passwd/root-password-crypted: (password omitted)
passwd/user-password-crypted: (password omitted)
passwd/root-password: (password omitted)
passwd/root-password-again: (password omitted)
passwd/user-password-again: (password omitted)
passwd/user-password: (password omitted)
passwd/password-mismatch:
passwd/shadow: true
passwd/username: tr
passwd/password-empty:
passwd/username-bad:
passwd/make-user: true
passwd/title:
passwd/user-fullname:
passwd/user-uid:
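
The condition described in the report above (one group name occurring on more than one /etc/gshadow line) can be detected before usermod is run. This is an added example, not part of the original report or of the shadow package; the function name find_dup_groups is hypothetical, and the file is assumed to use the colon-separated gshadow layout.

```shell
#!/bin/sh
# Added example: report group names that occur more than once in a
# gshadow-format file (name:password:admins:members).
#
# Usage (as root, since /etc/gshadow is not world-readable):
#   find_dup_groups /etc/gshadow

# find_dup_groups FILE
#   Prints "name: lines N,M,..." for every duplicated group name.
#   Returns 0 if all names are unique, 1 if duplicates exist,
#   2 if FILE cannot be read.
find_dup_groups() {
    file=$1
    [ -r "$file" ] || { echo "cannot read $file" >&2; return 2; }
    awk -F: '
        /^[[:space:]]*$/ { next }      # ignore blank lines
        {
            count[$1]++
            # remember every line number on which this name was seen
            lines[$1] = (lines[$1] == "") ? NR : (lines[$1] "," NR)
        }
        END {
            rc = 0
            for (name in count)
                if (count[name] > 1) {
                    printf "%s: lines %s\n", name, lines[name]
                    rc = 1
                }
            exit rc
        }
    ' "$file"
}
```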