[Bug 900304] Re: Effective permissions and long group names - getfacl: malloc(): memory corruption
Helge
900304 at bugs.launchpad.net
Tue Dec 6 11:17:20 UTC 2011
** Description changed:
I have found a combination of ACLs that, when set on a file on an Active
- Directory joined (using Centrify Express) Ubuntu 10.04 server, will
- crash the getfacl program upon reading.
+ Directory joined Ubuntu 10.04 server, will crash the getfacl program
+ upon reading the ACL entries.
- The program crash seems to appear only when user and group names are in
- an "unusual" format, as when using AD integration tools such as
- CentrifyDC Express or Likewise-Open 6.
+ The crash appears under the following conditions:
+ 1) getfacl is about to list effective permissions (i.e. limited by mask) for at least two ACL entries.
+ 2) At least one of these entries has a user/group name longer than 32 characters.
+ 3) The output of getfacl is not redirected or piped to another program/file.
- Running the test on a separate, non-AD joined host, using regular local user and groups, does not yield errors.
- The error only seems to appear on certain combinations of user and group names.
+ Normally, user/group names longer than 32 characters are prevented from
+ being created on the local system, but they are possible when using
+ central authentication tools such as Centrify DirectControl and Likewise
+ Open.
- Examples of the "unusual" format I talk about:
- - DOMAIN\\this_is_a_rather_long_name
- - this_is_a_rather_long_name at domain.tld
+ The crash happens when effective permissions are to be listed, and only when the output of getfacl is written directly to terminal.Running the test on a separate, non-AD joined host, using regular local users and groups of maximum 32 characters, does not yield any errors.
+ I have tested and confirmed this bug on two independent systems, both running Ubuntu 10.04 Server, with one using CentrifyDC Express 4.4.3 for AD integration and the other one using Likewise-Open 6.
- Quite interesting, the bug does not appear when the output of getfacl is
- piped to another program or redirected to a file.
=== HOW TO REPRODUCE ===
- Since the bug does not appear when using locally valid names, it may be required to install centrifydc express or likewise-open and set up an Active Directory environment for testing... or use something else that produces the "unusual" format in user/group names (perhaps LDAP can be used?).
+ Since the bug does not appear when using locally valid names, it may be required to install centrifydc, likewise-open or another tool in order to create a test environment with user/group names longer than 32 characters. Perhaps LDAP can be used too?
This example uses Centrify DirectControl 4.4.3 Express for AD
integration.
mkdir testdir
touch testdir/testfile
setfacl -Rd -m user:phk at civil.aau.dk:rwx -m group:vhost_arch-civil-aau-dk_full at civil.aau.dk:rwx testdir/
setfacl -Rn -m user:phk at civil.aau.dk:rwx -m group:vhost_arch-civil-aau-dk_full at civil.aau.dk:rwx testdir/
getfacl testdir # crash, getfacl_testdir_noredirect_crash.log
getfacl testdir > getfacl_testdir_redirect_nocrash.log
getfacl testdir/testfile # crash, getfacl_testfile_noredirect_crash.log
getfacl testdir/testfile > getfacl_testfile_redirect_nocrash.log
=== ATTACHED LOGS ===
getfacl_testdir_noredirect_crash.log (copied from terminal)
getfacl_testdir_redirect_nocrash.log (redirected to log file)
getfacl_testfile_noredirect_crash.log (copied from terminal)
getfacl_testfile_redirect_nocrash.log (redirected to log file)
ProblemType: Bug
DistroRelease: Ubuntu 10.04
Package: acl 2.2.49-2
ProcVersionSignature: Ubuntu 2.6.32-36.79-server 2.6.32.46+drm33.20
Uname: Linux 2.6.32-36-server x86_64
Architecture: amd64
Date: Mon Dec 5 14:43:30 2011
InstallationMedia: Ubuntu-Server 10.04 LTS "Lucid Lynx" - Release amd64 (20100427)
ProcEnviron:
PATH=(custom, no user)
LANG=en_DK.UTF-8
SHELL=/bin/bash
SourcePackage: acl
** Description changed:
I have found a combination of ACLs that, when set on a file on an Active
Directory joined Ubuntu 10.04 server, will crash the getfacl program
upon reading the ACL entries.
The crash appears under the following conditions:
1) getfacl is about to list effective permissions (i.e. limited by mask) for at least two ACL entries.
2) At least one of these entries has a user/group name longer than 32 characters.
- 3) The output of getfacl is not redirected or piped to another program/file.
+ 3) The output of getfacl is not redirected nor piped to another program/file.
Normally, user/group names longer than 32 characters are prevented from
being created on the local system, but they are possible when using
central authentication tools such as Centrify DirectControl and Likewise
Open.
- The crash happens when effective permissions are to be listed, and only when the output of getfacl is written directly to terminal.Running the test on a separate, non-AD joined host, using regular local users and groups of maximum 32 characters, does not yield any errors.
- I have tested and confirmed this bug on two independent systems, both running Ubuntu 10.04 Server, with one using CentrifyDC Express 4.4.3 for AD integration and the other one using Likewise-Open 6.
+ The crash happens when effective permissions are to be listed, and only when the output of getfacl is written directly to terminal.
+ Running the test on a separate, non-AD joined host, using regular local users and groups of maximum 32 characters, does not yield any errors.
+ I have tested and confirmed this bug on two independent systems, both
+ running Ubuntu 10.04 Server, with one using CentrifyDC Express 4.4.3 for
+ AD integration and the other one using Likewise-Open 6.
=== HOW TO REPRODUCE ===
Since the bug does not appear when using locally valid names, it may be required to install centrifydc, likewise-open or another tool in order to create a test environment with user/group names longer than 32 characters. Perhaps LDAP can be used too?
This example uses Centrify DirectControl 4.4.3 Express for AD
integration.
mkdir testdir
touch testdir/testfile
setfacl -Rd -m user:phk at civil.aau.dk:rwx -m group:vhost_arch-civil-aau-dk_full at civil.aau.dk:rwx testdir/
setfacl -Rn -m user:phk at civil.aau.dk:rwx -m group:vhost_arch-civil-aau-dk_full at civil.aau.dk:rwx testdir/
getfacl testdir # crash, getfacl_testdir_noredirect_crash.log
getfacl testdir > getfacl_testdir_redirect_nocrash.log
getfacl testdir/testfile # crash, getfacl_testfile_noredirect_crash.log
getfacl testdir/testfile > getfacl_testfile_redirect_nocrash.log
=== ATTACHED LOGS ===
getfacl_testdir_noredirect_crash.log (copied from terminal)
getfacl_testdir_redirect_nocrash.log (redirected to log file)
getfacl_testfile_noredirect_crash.log (copied from terminal)
getfacl_testfile_redirect_nocrash.log (redirected to log file)
ProblemType: Bug
DistroRelease: Ubuntu 10.04
Package: acl 2.2.49-2
ProcVersionSignature: Ubuntu 2.6.32-36.79-server 2.6.32.46+drm33.20
Uname: Linux 2.6.32-36-server x86_64
Architecture: amd64
Date: Mon Dec 5 14:43:30 2011
InstallationMedia: Ubuntu-Server 10.04 LTS "Lucid Lynx" - Release amd64 (20100427)
ProcEnviron:
PATH=(custom, no user)
LANG=en_DK.UTF-8
SHELL=/bin/bash
SourcePackage: acl
https://bugs.launchpad.net/bugs/900304
Title:
Effective permissions and long group names - getfacl: malloc(): memory
corruption
Status in “acl” package in Ubuntu:
New
Bug description:
I have found a combination of ACLs that, when set on a file on an
Active Directory joined Ubuntu 10.04 server, will crash the getfacl
program upon reading the ACL entries.
The crash appears under the following conditions:
1) getfacl is about to list effective permissions (i.e. limited by mask) for at least two ACL entries.
2) At least one of these entries has a user/group name longer than 32 characters.
3) The output of getfacl is not redirected nor piped to another program/file.
Normally, user/group names longer than 32 characters are prevented
from being created on the local system, but they are possible when
using central authentication tools such as Centrify DirectControl and
Likewise Open.
The crash happens when effective permissions are to be listed, and only when the output of getfacl is written directly to the terminal.
Running the test on a separate, non-AD joined host, using regular local users and groups of maximum 32 characters, does not yield any errors.
I have tested and confirmed this bug on two independent systems, both
running Ubuntu 10.04 Server, with one using CentrifyDC Express 4.4.3
for AD integration and the other one using Likewise-Open 6.
=== HOW TO REPRODUCE ===
Since the bug does not appear when using locally valid names, it may be required to install centrifydc, likewise-open or another tool in order to create a test environment with user/group names longer than 32 characters. Perhaps LDAP can be used too?
This example uses Centrify DirectControl 4.4.3 Express for AD
integration.
mkdir testdir
touch testdir/testfile
setfacl -Rd -m user:phk@civil.aau.dk:rwx -m group:vhost_arch-civil-aau-dk_full@civil.aau.dk:rwx testdir/
setfacl -Rn -m user:phk@civil.aau.dk:rwx -m group:vhost_arch-civil-aau-dk_full@civil.aau.dk:rwx testdir/
getfacl testdir # crash, getfacl_testdir_noredirect_crash.log
getfacl testdir > getfacl_testdir_redirect_nocrash.log
getfacl testdir/testfile # crash, getfacl_testfile_noredirect_crash.log
getfacl testdir/testfile > getfacl_testfile_redirect_nocrash.log
=== ATTACHED LOGS ===
getfacl_testdir_noredirect_crash.log (copied from terminal)
getfacl_testdir_redirect_nocrash.log (redirected to log file)
getfacl_testfile_noredirect_crash.log (copied from terminal)
getfacl_testfile_redirect_nocrash.log (redirected to log file)
ProblemType: Bug
DistroRelease: Ubuntu 10.04
Package: acl 2.2.49-2
ProcVersionSignature: Ubuntu 2.6.32-36.79-server 2.6.32.46+drm33.20
Uname: Linux 2.6.32-36-server x86_64
Architecture: amd64
Date: Mon Dec 5 14:43:30 2011
InstallationMedia: Ubuntu-Server 10.04 LTS "Lucid Lynx" - Release amd64 (20100427)
ProcEnviron:
PATH=(custom, no user)
LANG=en_DK.UTF-8
SHELL=/bin/bash
SourcePackage: acl
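Added example, not part of the bug report: a triage helper that reads getfacl output from a pipe and lists the files meeting conditions 1 and 2 above (two or more entries with an "#effective:" comment, at least one of them with a name longer than 32 characters). The function names and the sample input are constructed for illustration; the sample assumes getfacl's usual output format.

```shell
#!/bin/sh
# Added triage helper (not from the bug report): reads `getfacl` output on
# stdin and prints each file that meets conditions 1 and 2 of the report.
# Condition 3 is sidestepped: getfacl writes to a pipe here, not a terminal.
acl_crash_candidates() {
    awk -v max=32 '
        function report() {
            if (file != "" && eff >= 2 && longname) print file
            eff = 0; longname = 0
        }
        /^# file: / { report(); file = substr($0, 9); next }
        index($0, "#effective:") {
            eff++                                    # condition 1 counter
            entry = $0
            sub("[ \t]*#effective:.*$", "", entry)   # drop the comment
            sub(/^default:/, "", entry)              # default ACL entries
            sub(/^(user|group):/, "", entry)         # drop the tag
            sub(/:[-rwx][-rwx][-rwx]$/, "", entry)   # drop the permissions
            if (length(entry) > max) longname = 1    # condition 2
        }
        END { report() }
    '
}

# Constructed sample input in getfacl output format (values are assumed).
sample_getfacl_output() {
    # Two masked entries, one with a 41-character group name: flagged.
    printf '# file: testdir\n# owner: root\n# group: root\n'
    printf 'user::rwx\n'
    printf 'user:phk@civil.aau.dk:rwx\t#effective:r-x\n'
    printf 'group::r-x\n'
    printf 'group:vhost_arch-civil-aau-dk_full@civil.aau.dk:rwx\t#effective:r-x\n'
    printf 'mask::r-x\nother::r-x\n\n'
    # Two masked entries, but only short names: not flagged.
    printf '# file: testdir/short\n# owner: root\n# group: root\n'
    printf 'user::rw-\n'
    printf 'user:alice:rwx\t#effective:r--\n'
    printf 'group:staff:rwx\t#effective:r--\n'
    printf 'mask::r--\nother::r--\n\n'
    # Long name, but the mask does not limit it: not flagged.
    printf '# file: testdir/nomask\n# owner: root\n# group: root\n'
    printf 'user::rwx\ngroup::r-x\n'
    printf 'group:vhost_arch-civil-aau-dk_full@civil.aau.dk:rwx\n'
    printf 'mask::rwx\nother::r-x\n'
}

sample_getfacl_output | acl_crash_candidates
```

On a live system the input would come from `getfacl -R <path> | acl_crash_candidates`. Names that getfacl prints with octal escapes are measured as written, so their length may be overestimated.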