Re: Bug #23053
Tommi Virtanen <tv@debian.org> writes:
> > That was exactly what happens! I, as root, am adding/creating/deleting (etc.) a user,
> > the program xAdmin is therefore run by root, therefore /etc/shadow will be owned by
> > root.root, True?
>
> You misunderstood the word "own". Think "belonging to a package", as
> in "I shouldn't go around mucking /etc/inetd.conf because it is not
> owned by me -- so I'll use update-inetd".
I did not misunderstand the word, this is _EXACTLY_ how I understood it! I fucked up, OK?
I'm the author of the xAdmin package, therefore I messed up the chown'ing of the file... I
didn't think about the problem I described above.
I have now fixed this. I should not close the bug (according to James), until I have fixed
it permanently, which will happen any day (I hope :).
> > The fix is simple:
> > chown("/etc/shadow", "root", "group");
>
> Somehow I feel this code might not do proper locking etc. Don't trust
> a multi-thousand user system on it..
Sorry, I meant:
chown("/etc/shadow", "root", "shadow");
Where I find 'shadow' by doing a:
getgrnam('shadow')
Maybe I should do a
getpwuid('0')
to find the name of the root user? :)
BTW, is there a secure way of locking files that works on any program? Say admin 1 is using
xAdmin to change/add etc. a user, and admin 2 is using emacs (or, yuck, vi :) to do the same...
Admin 1 is starting his prog first, how would admin 2 (with editor of his/her choice) know
about this...
--
Turbo Fredriksson
Debian GNU/Linux
Unix _IS_ user friendly - it's just selective about who its friends are
Tel: +46-704-697645
S-415 10 Göteborg
SWEDEN
turbo@tripnet.se
www5.tripnet.se/~turbo
PGP#788CD1A9
PGP: B7 92 93 0E 06 94 D6 22 98 1F 0B 5B FE 33 A1 0B
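Added example, not part of the original message and not xAdmin's code: the locking question raised above, worked through in C on a scratch file. `lock_db`, `editor_write` and `demo` are hypothetical names and `flock()` is an assumed choice of lock; the run shows a second cooperating tool being refused while an editor that never asks for the lock writes anyway.

```c
#define _GNU_SOURCE 1 /* flock(), mkstemp(), O_NOFOLLOW, O_CLOEXEC */
#include <errno.h>
#include <fcntl.h>
#include <stdlib.h>
#include <string.h>
#include <sys/file.h>
#include <unistd.h>
/* Cooperating tool (hypothetical helper): try the exclusive advisory lock.
 * Returns an fd holding the lock, -2 if it is held elsewhere, -1 on error. */
int lock_db(const char *path)
{
    int fd = open(path, O_RDWR | O_NOFOLLOW | O_CLOEXEC);
    if (fd < 0) return -1;
    if (flock(fd, LOCK_EX | LOCK_NB) < 0) {
        int busy = (errno == EWOULDBLOCK);
        close(fd);
        return busy ? -2 : -1;
    }
    return fd; /* closing this fd releases the lock */
}

/* Editor (hypothetical helper): opens and appends, never asks for the lock. */
int editor_write(const char *path, const char *text)
{
    int fd = open(path, O_WRONLY | O_APPEND | O_NOFOLLOW | O_CLOEXEC);
    if (fd < 0) return -1;
    ssize_t n = write(fd, text, strlen(text));
    close(fd);
    return n == (ssize_t)strlen(text) ? 0 : -1;
}

/* Constructed scenario on a scratch file, never the real /etc/shadow.
 * Bitmask: 1 admin 1 got the lock, 2 admin 2's tool was refused meanwhile,
 * 4 the editor's write went through anyway, 8 lock free after release. */
int demo(void)
{
    char path[] = "/tmp/shadow-demo-XXXXXX";
    int tmp = mkstemp(path), r = 0, a1, a2;
    if (tmp < 0) return -1;
    close(tmp);
    if ((a1 = lock_db(path)) >= 0) r |= 1;
    if (lock_db(path) == -2) r |= 2;
    if (editor_write(path, "constructed:entry\n") == 0) r |= 4;
    if (a1 >= 0) close(a1);
    if ((a2 = lock_db(path)) >= 0) { r |= 8; close(a2); }
    unlink(path);
    return r;
}

int main(void) { return demo() == 15 ? 0 : 1; }
```

The lock only binds programs that ask for it. For the real password files glibc declares `lckpwdf()`/`ulckpwdf()` in `<shadow.h>` for cooperating tools, and `vipw`/`vigr` exist to run an admin's editor with the files locked.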