[Pkg-shadow-devel] Issue with concurrent usage of gpasswd

Nicolas François nicolas.francois at centraliens.net
Tue Jun 12 22:42:10 UTC 2012


Hello,

On Tue, Jun 12, 2012 at 10:43:16AM +0200, lboillet69 at gmail.com wrote:
> 
> On Sat, May 19, 2012 at 10:54 AM, Nicolas François
> <nicolas.francois at centraliens.net> wrote:
> > gpasswd locks /etc/group. It should have been the case also in lenny.
> >
> > If you send me a script which can be used to reproduce this issue, I can
> > give it a try.
> 
> I can reproduce it something like one out of 3/4 times with the script below:

Thanks for the script.

At least I understand the issue now.

The problem is that shadow tools lock the files too late (i.e. the tool
already retrieved information from the user or group database.
So if the database was changed between the time of checkand time of write,
this update is overwritten.

I currently don't think the system would end up in an inconsistent state,
but it does not end in the expected state.
I would expect more shadow tools to be sensible to this class of bug.

The approach for fixing will be to lock the files earlier, but maybe not
too early (e.g. to make sure parameter checking are not locking the databases).

Due to the impact on various tools, I expect the fix to take some time.

Best Regards,
-- 
Nekral



More information about the Pkg-shadow-devel mailing list