[Pkg-shadow-devel] Bug#1095430: off-by-one error when setting the account expiry
Lee Garrett
debian at rocketjump.eu
Fri Feb 7 19:42:11 GMT 2025
Package: passwd
Version: 1:4.16.0-7
Severity: grave
X-Debbugs-Cc: debian at rocketjump.eu
Hi,
on a trixie or newer machine, the following happens:
root at trixie:~# usermod -e 1970-01-02 ansibulluser
root at trixie:~# getent shadow ansibulluser
ansibulluser:!:20126:0:99999:7::0:
^ this should be "1"
On a bookworm machine this returns the correct value:
root at bookworm:~# usermod -e 1970-01-02 ansibulluser
root at bookworm:~# getent shadow ansibulluser
ansibulluser:!:20126:0:99999:7::1:
I noticed this because autopkgtests for ansible-core were failing. I've checked
the autopkgtests of shadow and don't see this test case covered.
Set to severity grave because it's a regression and account expiry is a
potentially security sensitive subject.
Greets,
Lee
-- System Information:
Debian Release: trixie/sid
APT prefers testing
APT policy: (990, 'testing')
Architecture: amd64 (x86_64)
Kernel: Linux 6.12.11-amd64 (SMP w/8 CPU threads; PREEMPT)
Kernel taint flags: TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
Versions of packages passwd depends on:
ii base-passwd 3.6.6
ii libacl1 2.3.2-2+b1
ii libattr1 1:2.5.2-2
ii libaudit1 1:4.0.2-2+b1
ii libbsd0 0.12.2-2
ii libc6 2.40-6
ii libcrypt1 1:4.4.38-1
ii libpam-modules 1.7.0-2
ii libpam0g 1.7.0-2
ii libselinux1 3.7-3.1
ii libsemanage2 3.7-2.1
ii login.defs 1:4.16.0-7
Versions of packages passwd recommends:
ii sensible-utils 0.0.24
passwd suggests no packages.
-- no debconf information
More information about the Pkg-shadow-devel
mailing list