Skip Menu |
 

This queue is for tickets about the Passwd-Unix CPAN distribution.

Report information
The Basics
Id: 35323
Status: resolved
Priority: 0/
Queue: Passwd-Unix

People
Owner: Nobody in particular
Requestors: artrus [...] netzero.net
Cc:
AdminCc:

Bug Information
Severity: Critical
Broken in: 0.33
Fixed in: (no value)



Subject: Critical bug - corrupts /etc/shadow
Download (untitled) / with headers
text/plain 830b
The current version of Passwd::Unix corrupted my /etc/shadow upon only calling the passwd() function. Immediately users started to report not being able to login. After examining the situation, I found that Passwd::Unix rearranges all users in /etc/shadow alphabetically, but it only does it to the usernames, and not the password hashes. Thus, if your /etc/shadow does not have users in alphabetical order (mine doesn’t, as users get appended as they’re created), you will get corrupted accounts. Moreover, users are now able to login to one OTHER account, not their own, depending on how the usernames got shuffled. Thankfully, I had a recent backup but I definitely don’t want anyone else to suffer. I’m using perl 5.10, SUSE 10.3. If it’s incompatible with SUSE, it needs to say so and exit. Artem Russakovskii.
From: artrus [...] netzero.net
I'd like to amend my previous statement about the alphabetic order. It seems that the newly created file is in random order, but different from the original. On Tue Apr 22 20:31:45 2008, Archon810 wrote: Show quoted text
> The current version of Passwd::Unix corrupted my /etc/shadow upon only > calling the passwd() function. Immediately users started to report not > being able to login. > > After examining the situation, I found that Passwd::Unix rearranges all > users in /etc/shadow alphabetically, but it only does it to the > usernames, and not the password hashes. Thus, if your /etc/shadow does > not have users in alphabetical order (mine doesn’t, as users get > appended as they’re created), you will get corrupted accounts. Moreover, > users are now able to login to one OTHER account, not their own, > depending on how the usernames got shuffled. > > Thankfully, I had a recent backup but I definitely don’t want anyone > else to suffer. > > I’m using perl 5.10, SUSE 10.3. If it’s incompatible with SUSE, it needs > to say so and exit. > > Artem Russakovskii.
Subject: Re: [rt.cpan.org #35323] Critical bug - corrupts /etc/shadow
Date: Wed, 23 Apr 2008 10:57:13 +0200
To: bug-Passwd-Unix [...] rt.cpan.org
From: Strzelecki Łukasz <flagg [...] onet.eu>
Download (untitled) / with headers
text/plain 1.7k
Thanks for information. I'll fix it as soon as it'll be possible for me (probably today). Im'm sorry for all troubles. On Wed, 23 Apr 2008 02:31:50 +0200, Artem Russakovskii via RT <bug-Passwd-Unix@rt.cpan.org> wrote: Show quoted text
> > Tue Apr 22 20:31:45 2008: Request 35323 was acted upon. > Transaction: Ticket created by Archon810 > Queue: Passwd-Unix > Subject: Critical bug - corrupts /etc/shadow > Broken in: 0.33 > Severity: Critical > Owner: Nobody > Requestors: artrus@netzero.net > Status: new > Ticket <URL: http://rt.cpan.org/Ticket/Display.html?id=35323 > > > > The current version of Passwd::Unix corrupted my /etc/shadow upon only > calling the passwd() function. Immediately users started to report not > being able to login. > > After examining the situation, I found that Passwd::Unix rearranges all > users in /etc/shadow alphabetically, but it only does it to the > usernames, and not the password hashes. Thus, if your /etc/shadow does > not have users in alphabetical order (mine doesn’t, as users get > appended as they’re created), you will get corrupted accounts. Moreover, > users are now able to login to one OTHER account, not their own, > depending on how the usernames got shuffled. > > Thankfully, I had a recent backup but I definitely don’t want anyone > else to suffer. > > I’m using perl 5.10, SUSE 10.3. If it’s incompatible with SUSE, it needs > to say so and exit. > Artem Russakovskii.
-- $a=$a[8][67][9][0][51][84][82][90][69][76][69][67][75][73][0][131][85][75][65][83 ][90][0][73][78][0][65][0][20][22][0][68][73][77][69][78][83][73][79][78][65][76] [0][65][82][82][65][89]=sub{sub _($){print$_[@z]}($z,$i)=@_;(++$i)while!$z->[$i]; $s+=$i;_ chr($i+32);$s!=2809&&&$a($z->[$i],$c>$e)};&$a(\@a,$d<$f);_ "\n";$a[8]=$a
Subject: Re: [rt.cpan.org #35323] Critical bug - corrupts /etc/shadow
Date: Thu, 24 Apr 2008 05:11:01 +0200
To: bug-Passwd-Unix [...] rt.cpan.org
From: Strzelecki Łukasz <strzelec [...] rswsystems.pl>
Download (untitled) / with headers
text/plain 105b
Bug fixed. New release already should be in CPAN resources. -- ----- Best Regards Strzelecki Łukasz
Fixed...a long, long time ago :-)


This service is sponsored and maintained by Best Practical Solutions and runs on Perl.org infrastructure.

Please report any issues with rt.cpan.org to rt-cpan-admin@bestpractical.com.