[Pkg-shadow-devel] Bug#620898: Moving bash from essential/required to important?

Guillem Jover guillem at debian.org
Tue Apr 5 04:19:38 UTC 2011

On Tue, 2011-04-05 at 01:08:19 +0100, Ben Hutchings wrote:
> This appears to open up any accounts that have been deliberately
> disabled by setting their shell to a nonexistent path.  I know that's a
> dumb way to disable an account, but that doesn't make this any less of a
> security hole.
> How about checking for the configured shell in /etc/shells before
> enabling the fallback?

Ah good catch! Done with the attached patch.

On Mon, 2011-04-04 at 18:10:48 -0700, Steve Langasek wrote:
> Yes, it seems to handle the missing-shell case.  What about the case of
> execle() failing?  It's at least as likely for a shell to be broken because
> its dependencies are not yet unpacked as it is that it's broken because the
> shell itself is not unpacked.

Well, ENOENT should handle not only missing executable, also missing
dynamic linker, etc. Maybe missing shared libraries depending on the
implementation, but on glibc systems, because those are handled by
the dynamic linker it's too late as the kernel has already handed over
control to it, which will fail hard. Equivalent to the case of the
shell binary segfaulting. Those cases would need to be handled
by forking and watching the childs (ugh :). In any case I've now
relaxed the ENOENT case to just execute the fallback when
apropriate on any execle() error, in case there's other error
instances which might make sense to fallback on.

But then bash only depends on libc and libncurses, which are
pseudo-essential, so if those and the dynamic linker are
non-functional then the system has bigger problems than root not
being able to login. For the unpack case you mention I guess it would
just be a matter of keeping those libraries in the Pre-Depends when
removing it from Essential.

Something else to do would be to add a versioned dependency to bash
on the fixed login package.

Would all this address your concerns?

-------------- next part --------------
A non-text attachment was scrubbed...
Name: shadow-
Type: text/x-diff
Size: 7003 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/pkg-shadow-devel/attachments/20110405/5d8bb70f/attachment.patch>

More information about the Pkg-shadow-devel mailing list