This is the mail archive of the
glibc-bugs@sourceware.org
mailing list for the glibc project.
[Bug libc/11242] New: initshells never exits on mailformed /etc/shells
- From: "hannibal at astral dot lodz dot pl" <sourceware-bugzilla at sourceware dot org>
- To: glibc-bugs at sources dot redhat dot com
- Date: 3 Feb 2010 09:39:04 -0000
- Subject: [Bug libc/11242] New: initshells never exits on mailformed /etc/shells
- Reply-to: sourceware-bugzilla at sourceware dot org
The "su" command from shadow-4.1.4.2-i486-2 Slackware package hangs all the
time when mailformed /etc/shells file is used (no '\n' at the end of file).
My invastigation shows that problem is in initshells() function in glibc. Gdb
shows following stack backtrace:
#0 0xb764e361 in fgets_unlocked () from /lib/libc.so.6
#1 0xb76bd695 in initshells () from /lib/libc.so.6
#2 0xb76bd784 in setusershell () from /lib/libc.so.6
#3 0x08049d0e in restricted_shell ()
#4 0x0804a1fd in main ()
Additonaly CPU usage grows to 100%, so there is probably infinite loop problem.
End of 'strace su':
open("/etc/shells", O_RDONLY) = 3
fstat64(3, {st_mode=S_IFREG|0644, st_size=55, ...}) = 0
fstat64(3, {st_mode=S_IFREG|0644, st_size=55, ...}) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) =
0xb7fa2000
read(3, "/bin/bash\n/bin/tcsh\n/bin/csh\n/bin"..., 4096) = 55
read(3, ""..., 4096) = 0
I can reproduce it on any Slackware-current machine with '\n' removed from last
line of /etc/shells.
This could be also security problem, because atacker can 'fix' /etc/shells and
prevent legal user to relogin to root.
--
Summary: initshells never exits on mailformed /etc/shells
Product: glibc
Version: 2.11
Status: NEW
Severity: normal
Priority: P2
Component: libc
AssignedTo: drepper at redhat dot com
ReportedBy: hannibal at astral dot lodz dot pl
CC: glibc-bugs at sources dot redhat dot com
GCC host triplet: i486-pc-linux-gnu
http://sourceware.org/bugzilla/show_bug.cgi?id=11242
------- You are receiving this mail because: -------
You are on the CC list for the bug, or are watching someone who is.