[Pkg-shadow-devel] Bug#1132509: Bug#1132509: uidmap: getsubids look up /etc/subgid by gid instead of uid when using numerical values

Serge E. Hallyn serge at hallyn.com
Wed Apr 1 22:16:28 BST 2026


On Wed, Apr 01, 2026 at 10:40:01PM +0200, Aurelien Jarno wrote:
> Package: uidmap
> Version: 1:4.18.0-2
> Severity: important
> Tags: patch
> X-Debbugs-Cc: dsa at debian.org, wb-team at buildd.debian.org, sbuild at packages.debian.org
> Control: affects -1 sbuild
> 
> Hi,
> 
> Since version 0.91.6, sbuild started to use getsubids to parse
> /etc/subgid [1]. The format of this file is supposed to be [2]:
> 
>   login name or UID : numerical subordinate group ID : numerical subordinate group ID count
> 
> Unfortunately getsubids parses it as login name or *GID*. This breaks
> when this file contains UID and when UID != GID:
> 
> $ id buildd
> uid=2952(buildd) gid=1009(buildd) groupes=1009(buildd),115(sbuild)
> $ grep 2952 /etc/subgid 
> 2952:193462272:65536
> $ getsubids -g buildd
> Error fetching ranges
> 
> Fortunately it seems that newgidmap parses the file correctly, so this
> is not a security issue.
> 
> The following untested patch should fix the issue (which means that
> get_owner_id() can be simplified as this is the only caller):
> 

Indeed, thanks for the patch and catching that.

Reviewed-by: Serge Hallyn <serge at hallyn.com>

Not sure what the flow from here is.  Would you mind sending a
patch to upstream at https://github.com/shadow-maint/shadow,
or, if you prefer not to, should I forward it?

I can see about preparing a shadow package for debian with this fix
and having Chris sponsor it, unless (my preference) he wants to
prepare it himself.

thanks,
-serge

> --- shadow-4.19.3.orig/lib/subordinateio.c
> +++ shadow-4.19.3/lib/subordinateio.c
> @@ -908,7 +908,7 @@ int list_owner_ranges(const char *owner,
>  		return -1;
>  	}
>  
> -	have_owner_id = get_owner_id(owner, id_type, id);
> +	have_owner_id = get_owner_id(owner, ID_TYPE_UID, id);
>  
>  	commonio_rewind(db);
>  	while (NULL != (range = commonio_next(db))) {
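Review bot: The get_owner_id() call in list_owner_ranges() now takes a hardcoded ID_TYPE_UID, and that needs a one-line comment at the call saying that, per subgid(5), the owner field is a login name or a UID for both files, so the id_type value the removed line passed must not select the lookup. Without it the constant reads like a mistake and invites a revert. The report calls the patch untested and the hunk is against shadow-4.19.3 while the bug is filed against 1:4.18.0-2, so it should be checked against the packaged source, ideally with a regression test using a numeric /etc/subgid entry for a user whose UID differs from its primary GID (the buildd case above). As a follow-up, the id type argument of get_owner_id() can be dropped if this really is its only caller, as the report says.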
> 
> Regards
> Aurelien
> 
> [1] https://salsa.debian.org/debian/sbuild/-/commit/590c06cd5a76b6758606cc30fea075816edda468
> [2] https://manpages.debian.org/unstable/passwd/subgid.5.en.html
> 

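The mismatch from the report, reproduced as an added example (not code from shadow or from either poster): a minimal matcher for subgid(5) lines. `find_range`, `owner_matches` and the sample data are hypothetical names and constructed input, and passing the GID as `id` is an assumption that models the lookup the report describes.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed sample: the first line is the entry quoted in the report. */
static const char *SUBGID_SAMPLE =
    "2952:193462272:65536\n"
    "alice:100000:65536\n";

struct range { unsigned long start, count; };

/* subgid(5): the owner field is a login name or a numeric UID. */
static int owner_matches(const char *field, const char *login,
                         unsigned long id)
{
    char *end;
    unsigned long n;

    if (strcmp(field, login) == 0)
        return 1;
    n = strtoul(field, &end, 10);
    return end != field && *end == '\0' && n == id;
}

/* Return 1 and fill *out with the first range owned by login, else 0.
 * id is the number compared against numeric owner fields. */
int find_range(const char *db, const char *login, unsigned long id,
               struct range *out)
{
    char owner[64];
    unsigned long start, count;
    const char *p = db;

    while (*p != '\0') {
        const char *nl = strchr(p, '\n');
        if (sscanf(p, "%63[^:\n]:%lu:%lu", owner, &start, &count) == 3
            && owner_matches(owner, login, id)) {
            out->start = start;
            out->count = count;
            return 1;
        }
        if (nl == NULL)
            break;
        p = nl + 1;
    }
    return 0;
}
```

With the report's values, `find_range(SUBGID_SAMPLE, "buildd", 2952, &r)` finds the range, while the same call with the primary GID 1009 finds nothing, which corresponds to the "Error fetching ranges" case.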

