|Subject:||Critical bug - corrupts /etc/shadow|
The current version of Passwd::Unix corrupted my /etc/shadow upon only calling the passwd() function. Immediately users started to report not being able to login. After examining the situation, I found that Passwd::Unix rearranges all users in /etc/shadow alphabetically, but it only does it to the usernames, and not the password hashes. Thus, if your /etc/shadow does not have users in alphabetical order (mine doesn’t, as users get appended as they’re created), you will get corrupted accounts. Moreover, users are now able to login to one OTHER account, not their own, depending on how the usernames got shuffled. Thankfully, I had a recent backup but I definitely don’t want anyone else to suffer. I’m using perl 5.10, SUSE 10.3. If it’s incompatible with SUSE, it needs to say so and exit. Artem Russakovskii.