
Re: Bug #23053



Tommi Virtanen <tv@debian.org> writes:

> > That was exactly what happens! I, as root, am adding/creating/deleting (etc) a user,
> > the program xAdmin is therefore run by root, therefore /etc/shadow will be owned by
> > root.root, True?
> 
> 	You misunderstood the word "own". Think "belonging to a package", as
> 	in "I shouldn't go around mucking /etc/inetd.conf because it is not
> 	owned by me -- so I'll use update-inetd".

I did not misunderstand the word, this is _EXACTLY_ how I understood it! I fucked up, OK?
I'm the author of the xAdmin package, therefore I messed up the chown'ing of the file... I
didn't think about the problem I described above.

I have now fixed this. I should not close the bug (according to James), until I have fixed
it permanently, which will happen any day (I hope :).

> > The fix is simple: 
> >   chown("/etc/shadow", "root", "group");
> 
> 	Somehow I feel this code might not do proper locking etc. Don't trust
> 	a multi-thousand user system on it..

Sorry, I meant:

	chown("/etc/shadow", "root", "shadow");

Where I find 'shadow' by doing a:

	getgrnam('shadow')

Maybe I should do a

	getpwuid('0')

to find the name of the root user? :)

BTW. Is there a secure way of locking files, that works on any program? Say admin 1 is using
xAdmin to change/add etc a user, and admin 2 is using emacs (or, yuck, vi :) to do the same...

Admin 1 is starting his prog first, how would admin 2 (with editor of his/her choice) know
about this...

-- 
-------------------------------------------------------------------------------
 Turbo  ___________     Debian GNU/Linux   Unix _IS_ user friendly - it's just
 ^^^^^  ___  /___(_)__________  _____  __  selective about who its friends are
        __  / __  /__  __ \  / / /_  |/_/
  _ /// _  /___  / _  / / / /_/ /__>  <   Turbo Fredriksson Tel: +46-704-697645
  \\\/  /_____/_/  /_/ /_/\__,_/ /_/|_|   S-415 10 Göteborg    turbo@tripnet.se
                  PGP#788CD1A9            SWEDEN         www5.tripnet.se/~turbo
----------- PGP:  B7 92 93 0E 06 94 D6 22  98 1F 0B 5B FE 33 A1 0B ------------
--
bomb cryptographic arrangements Treasury Saddam Hussein World Trade
Center North Korea Ortega fissionable cracking Rule Psix nuclear
Marxist South Africa Cocaine
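
The ownership fix discussed in this message, as an added example that is not part of the original mail or of xAdmin: it resolves the user and group names to numeric ids with `getpwnam()`/`getgrnam()` and changes ownership through an open file descriptor, so a symlink swapped in at the path is refused. The helper name `set_owner_by_name` is hypothetical, and the example does not address the locking question.

```c
#ifndef _GNU_SOURCE
#define _GNU_SOURCE            /* O_NOFOLLOW, fchown() on older toolchains */
#endif
#include <fcntl.h>
#include <grp.h>
#include <pwd.h>
#include <stdio.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* Hypothetical helper: give `path` the owner `user` and group `group`.
 * Returns 0 on success, -1 on any failure (unknown name, symlink,
 * non-regular file, or insufficient privilege). */
int set_owner_by_name(const char *path, const char *user, const char *group)
{
    /* chown(2) takes numeric ids, so resolve both names first. */
    struct passwd *pw = getpwnam(user);
    if (pw == NULL)
        return -1;
    uid_t uid = pw->pw_uid;    /* copy out: the result is a static buffer */

    struct group *gr = getgrnam(group);
    if (gr == NULL)
        return -1;
    gid_t gid = gr->gr_gid;

    /* Open without following a symlink, then act on the descriptor so the
     * file that was checked is the file whose ownership changes. */
    int fd = open(path, O_RDONLY | O_NOFOLLOW | O_NONBLOCK);
    if (fd < 0)
        return -1;

    struct stat st;
    if (fstat(fd, &st) != 0 || !S_ISREG(st.st_mode)) {
        close(fd);
        return -1;
    }

    int rc = fchown(fd, uid, gid);
    close(fd);
    return rc == 0 ? 0 : -1;
}

/* Usage: ./setowner /etc/shadow root shadow   (needs root for that file) */
int main(int argc, char **argv)
{
    if (argc != 4) { fprintf(stderr, "usage: %s PATH USER GROUP\n", argv[0]); return 2; }
    return set_owner_by_name(argv[1], argv[2], argv[3]) == 0 ? 0 : 1;
}
```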

