Debian Bug report logs - #524139
login: tty perms very, weirdly wrong on console

version graph

Package: login; Maintainer for login is Shadow package maintainers <pkg-shadow-devel@lists.alioth.debian.org>; Source for login is src:shadow.

Reported by: Chip Salzenberg <chip@pobox.com>

Date: Wed, 15 Apr 2009 04:30:02 UTC

Severity: grave

Found in version shadow/1:4.1.3-1

Fixed in version shadow/1:4.1.3.1-1

Done: Nicolas FRANCOIS (Nekral) <nicolas.francois@centraliens.net>

Bug is archived. No further changes may be made.

Toggle useless messages

View this report as an mbox folder, status mbox, maintainer mbox


Report forwarded to debian-bugs-dist@lists.debian.org, Shadow package maintainers <pkg-shadow-devel@lists.alioth.debian.org>:
Bug#524139; Package login. (Wed, 15 Apr 2009 04:30:04 GMT) Full text and rfc822 format available.

Acknowledgement sent to Chip Salzenberg <chip@pobox.com>:
New Bug report received and forwarded. Copy sent to Shadow package maintainers <pkg-shadow-devel@lists.alioth.debian.org>. (Wed, 15 Apr 2009 04:30:04 GMT) Full text and rfc822 format available.

Message #5 received at submit@bugs.debian.org (full text, mbox):

From: Chip Salzenberg <chip@pobox.com>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: login: tty perms very, weirdly wrong on console
Date: Tue, 14 Apr 2009 21:26:56 -0700
Package: login
Version: 1:4.1.3-1
Severity: grave

When logging in on the console, the permission on e.g. /dev/tty1 are Weirdly Wrong:

   # ls -l /dev/tty1
   c--x-wx--T 1 root 4, 1 Apr 14 21:24 /dev/tty1

"That's not right.  It's not even wrong."
Priority "grave" becuase of the group-write bit.

And no, I haven't been playing with login.defs:

   # grep '^TTY' /etc/login.defs
   TYGROUP        tty
   TTYPERM        0600


-- System Information:
Debian Release: squeeze/sid
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: i386 (i686)

Kernel: Linux 2.6.28-1-686 (SMP w/2 CPU cores)
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)
Shell: /bin/sh linked to /bin/bash

Versions of packages login depends on:
ii  libc6                         2.9-7      GNU C Library: Shared libraries
ii  libpam-modules                1.0.1-9    Pluggable Authentication Modules f
ii  libpam-runtime                1.0.1-9    Runtime support for the PAM librar
ii  libpam0g                      1.0.1-9    Pluggable Authentication Modules l

login recommends no packages.

login suggests no packages.

-- no debconf information




Information forwarded to debian-bugs-dist@lists.debian.org, Shadow package maintainers <pkg-shadow-devel@lists.alioth.debian.org>:
Bug#524139; Package login. (Wed, 15 Apr 2009 06:33:05 GMT) Full text and rfc822 format available.

Acknowledgement sent to Sven Joachim <svenjoac@gmx.de>:
Extra info received and forwarded to list. Copy sent to Shadow package maintainers <pkg-shadow-devel@lists.alioth.debian.org>. (Wed, 15 Apr 2009 06:33:05 GMT) Full text and rfc822 format available.

Message #10 received at 524139@bugs.debian.org (full text, mbox):

From: Sven Joachim <svenjoac@gmx.de>
To: Chip Salzenberg <chip@pobox.com>
Cc: 524139@bugs.debian.org
Subject: Re: Bug#524139: login: tty perms very, weirdly wrong on console
Date: Wed, 15 Apr 2009 08:31:50 +0200
On 2009-04-15 06:26 +0200, Chip Salzenberg wrote:

> Package: login
> Version: 1:4.1.3-1
> Severity: grave
>
> When logging in on the console, the permission on e.g. /dev/tty1 are Weirdly Wrong:
>
>    # ls -l /dev/tty1
>    c--x-wx--T 1 root 4, 1 Apr 14 21:24 /dev/tty1
>
> "That's not right.  It's not even wrong."

Same here.  Looks like a problem with octal vs decimal numbers, because
that weird permissions are 1130 numerical, and 01130 = 600 in decimal.

Sven




Information forwarded to debian-bugs-dist@lists.debian.org, Shadow package maintainers <pkg-shadow-devel@lists.alioth.debian.org>:
Bug#524139; Package login. (Wed, 15 Apr 2009 11:30:10 GMT) Full text and rfc822 format available.

Acknowledgement sent to Sven Joachim <svenjoac@gmx.de>:
Extra info received and forwarded to list. Copy sent to Shadow package maintainers <pkg-shadow-devel@lists.alioth.debian.org>. (Wed, 15 Apr 2009 11:30:10 GMT) Full text and rfc822 format available.

Message #15 received at 524139@bugs.debian.org (full text, mbox):

From: Sven Joachim <svenjoac@gmx.de>
To: 524139@bugs.debian.org
Cc: Chip Salzenberg <chip@pobox.com>
Subject: Re: Bug#524139: login: tty perms very, weirdly wrong on console
Date: Wed, 15 Apr 2009 13:22:30 +0200
On 2009-04-15 08:31 +0200, Sven Joachim wrote:

> On 2009-04-15 06:26 +0200, Chip Salzenberg wrote:
>
>> Package: login
>> Version: 1:4.1.3-1
>> Severity: grave
>>
>> When logging in on the console, the permission on e.g. /dev/tty1 are Weirdly Wrong:
>>
>>    # ls -l /dev/tty1
>>    c--x-wx--T 1 root 4, 1 Apr 14 21:24 /dev/tty1
>>
>> "That's not right.  It's not even wrong."
>
> Same here.  Looks like a problem with octal vs decimal numbers, because
> that weird permissions are 1130 numerical, and 01130 = 600 in decimal.

The problem seems to be in the getlong function in lib/getlong.c, it
uses the wrong base for strtol:

	val = strtol (numstr, &endptr, 10);

and numstr contains "0600", so the result is 600 aka 01130 instead of
384 aka 0600.  Probably that line just needs to be changed to

	val = strtol (numstr, &endptr, 0);

to fix the problem.

Sven




Information forwarded to debian-bugs-dist@lists.debian.org, Shadow package maintainers <pkg-shadow-devel@lists.alioth.debian.org>:
Bug#524139; Package login. (Wed, 15 Apr 2009 11:57:06 GMT) Full text and rfc822 format available.

Acknowledgement sent to Peter Vrabec <pvrabec@redhat.com>:
Extra info received and forwarded to list. Copy sent to Shadow package maintainers <pkg-shadow-devel@lists.alioth.debian.org>. (Wed, 15 Apr 2009 11:57:06 GMT) Full text and rfc822 format available.

Message #20 received at 524139@bugs.debian.org (full text, mbox):

From: Peter Vrabec <pvrabec@redhat.com>
To: pkg-shadow-devel@lists.alioth.debian.org, Sven Joachim <svenjoac@gmx.de>, 524139@bugs.debian.org
Cc: Chip Salzenberg <chip@pobox.com>
Subject: Re: [Pkg-shadow-devel] Bug#524139: login: tty perms very, weirdly wrong on console
Date: Wed, 15 Apr 2009 13:47:36 +0200
[Message part 1 (text/plain, inline)]
yeah, same problem in case home directories.

why didn't we catch this in pre-release  :(

On Wednesday 15 April 2009 01:22:30 pm Sven Joachim wrote:
> On 2009-04-15 08:31 +0200, Sven Joachim wrote:
> > On 2009-04-15 06:26 +0200, Chip Salzenberg wrote:
> >> Package: login
> >> Version: 1:4.1.3-1
> >> Severity: grave
> >>
> >> When logging in on the console, the permission on e.g. /dev/tty1 are
> >> Weirdly Wrong:
> >>
> >>    # ls -l /dev/tty1
> >>    c--x-wx--T 1 root 4, 1 Apr 14 21:24 /dev/tty1
> >>
> >> "That's not right.  It's not even wrong."
> >
> > Same here.  Looks like a problem with octal vs decimal numbers, because
> > that weird permissions are 1130 numerical, and 01130 = 600 in decimal.
>
> The problem seems to be in the getlong function in lib/getlong.c, it
> uses the wrong base for strtol:
>
> 	val = strtol (numstr, &endptr, 10);
>
> and numstr contains "0600", so the result is 600 aka 01130 instead of
> 384 aka 0600.  Probably that line just needs to be changed to
>
> 	val = strtol (numstr, &endptr, 0);
>
> to fix the problem.
>
> Sven
>
>
>
> _______________________________________________
> Pkg-shadow-devel mailing list
> Pkg-shadow-devel@lists.alioth.debian.org
> http://lists.alioth.debian.org/mailman/listinfo/pkg-shadow-devel


[shadow-4.1.3-base.patch (text/x-diff, attachment)]

Information forwarded to debian-bugs-dist@lists.debian.org, Shadow package maintainers <pkg-shadow-devel@lists.alioth.debian.org>:
Bug#524139; Package login. (Wed, 15 Apr 2009 18:03:02 GMT) Full text and rfc822 format available.

Acknowledgement sent to Nicolas François <nicolas.francois@centraliens.net>:
Extra info received and forwarded to list. Copy sent to Shadow package maintainers <pkg-shadow-devel@lists.alioth.debian.org>. (Wed, 15 Apr 2009 18:03:02 GMT) Full text and rfc822 format available.

Message #25 received at 524139@bugs.debian.org (full text, mbox):

From: Nicolas François <nicolas.francois@centraliens.net>
To: Sven Joachim <svenjoac@gmx.de>, 524139@bugs.debian.org
Subject: Re: Bug#524139: login: tty perms very, weirdly wrong on console
Date: Wed, 15 Apr 2009 19:57:42 +0200
Hello,

Thank you all for noticing, investigating and providing patches.

I will provide a new upstream release and Debian package tonight.

Best Regards,
-- 
Nekral




Reply sent to Nicolas FRANCOIS (Nekral) <nicolas.francois@centraliens.net>:
You have taken responsibility. (Thu, 16 Apr 2009 00:18:03 GMT) Full text and rfc822 format available.

Notification sent to Chip Salzenberg <chip@pobox.com>:
Bug acknowledged by developer. (Thu, 16 Apr 2009 00:18:03 GMT) Full text and rfc822 format available.

Message #30 received at 524139-close@bugs.debian.org (full text, mbox):

From: Nicolas FRANCOIS (Nekral) <nicolas.francois@centraliens.net>
To: 524139-close@bugs.debian.org
Subject: Bug#524139: fixed in shadow 1:4.1.3.1-1
Date: Wed, 15 Apr 2009 23:47:06 +0000
Source: shadow
Source-Version: 1:4.1.3.1-1

We believe that the bug you reported is fixed in the latest version of
shadow, which is due to be installed in the Debian FTP archive:

login_4.1.3.1-1_i386.deb
  to pool/main/s/shadow/login_4.1.3.1-1_i386.deb
passwd_4.1.3.1-1_i386.deb
  to pool/main/s/shadow/passwd_4.1.3.1-1_i386.deb
shadow_4.1.3.1-1.diff.gz
  to pool/main/s/shadow/shadow_4.1.3.1-1.diff.gz
shadow_4.1.3.1-1.dsc
  to pool/main/s/shadow/shadow_4.1.3.1-1.dsc
shadow_4.1.3.1.orig.tar.gz
  to pool/main/s/shadow/shadow_4.1.3.1.orig.tar.gz



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 524139@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Nicolas FRANCOIS (Nekral) <nicolas.francois@centraliens.net> (supplier of updated shadow package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Wed, 15 Apr 2009 23:59:06 +0200
Source: shadow
Binary: passwd login
Architecture: source i386
Version: 1:4.1.3.1-1
Distribution: unstable
Urgency: low
Maintainer: Shadow package maintainers <pkg-shadow-devel@lists.alioth.debian.org>
Changed-By: Nicolas FRANCOIS (Nekral) <nicolas.francois@centraliens.net>
Description: 
 login      - system login tools
 passwd     - change and administer password and group data
Closes: 524139 524193 524258
Changes: 
 shadow (1:4.1.3.1-1) unstable; urgency=low
 .
   * The "Le Puant Macéré" release.
     Sorry for the lack of cheese name in 1:4.1.3-1. At least this one should
     count for two.
   * New upstream release:
     - Fixed wrong parsing of octal permissions. This impacted login (permission
       of the TTYs, UMASK, ERASECHAR or KILLCHAR) in release 1:4.1.3-1 only.
       Closes: #524139, #524258
     - removed debian/patches/200_bin_nb: Applied upstream.
     - removed debian/patches/302_vim_selinux_support: Applied upstream.
     - Fixed login segfault when called without a username. Closes: #524193
Checksums-Sha1: 
 201d866d11c75a6997c0e4ca440a84bb54570bca 1559 shadow_4.1.3.1-1.dsc
 8fae6445ecff97fb4cdeab0034417589a6fd7e48 2682948 shadow_4.1.3.1.orig.tar.gz
 eec101afc23c31c6857b3645aa39ba8c2d0353d9 103439 shadow_4.1.3.1-1.diff.gz
 30091be756a185a9987c1ffa9f044864026cff20 929612 passwd_4.1.3.1-1_i386.deb
 6ff84d281f1dcf05e607c27501595fad9cda7947 682010 login_4.1.3.1-1_i386.deb
Checksums-Sha256: 
 3c5d9942fd42dca12a1437568fd69fe8caeef970558c51c6d1e210c78f410ddc 1559 shadow_4.1.3.1-1.dsc
 3be8d9e8cf383a8d6236107a212668ab27297a834988ea1c44f836aa072ce798 2682948 shadow_4.1.3.1.orig.tar.gz
 7b00dd4951a966cb04178bbcce6e200f4d101a631c0f3acce50c3a897cf4da94 103439 shadow_4.1.3.1-1.diff.gz
 9df4a8b67b7fcc3c6e6ef3c313bae5199c6d747f0d4be1d121f77eff122b5c82 929612 passwd_4.1.3.1-1_i386.deb
 706253a2b197faca1d84be6c137d9bbb8d1efca9a87d30ad9a553389cdcff645 682010 login_4.1.3.1-1_i386.deb
Files: 
 332665658bc5bb5582dcc4bc7d638a3a 1559 admin required shadow_4.1.3.1-1.dsc
 dd22f2ad8f7550bc1177ddcca49877ff 2682948 admin required shadow_4.1.3.1.orig.tar.gz
 ce408b687818f0f4d3691c19d4a8db72 103439 admin required shadow_4.1.3.1-1.diff.gz
 8729c7b7561a97dbddd46e138815da2a 929612 admin required passwd_4.1.3.1-1_i386.deb
 44e93260d2ea563ed74119138eb44719 682010 admin required login_4.1.3.1-1_i386.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iEYEARECAAYFAknmbUYACgkQWgo5mup89a0JdACfd+aTQjZhM7SlJxf7Hz7g1+VL
McUAnAxrlmzQJxRoHn5u2uJEHaHmGX4R
=jeeK
-----END PGP SIGNATURE-----





Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Sat, 16 May 2009 07:38:12 GMT) Full text and rfc822 format available.

Send a report that this bug log contains spam.


Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Apr 16 11:51:40 2014; Machine Name: buxtehude.debian.org

Debian Bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.