[Bug 296532] Re: Reuse of a user id causes a transfer of ownership of a file from deleted user to newly created user

Robert Arkenin 296532 at bugs.launchpad.net
Thu Jun 21 18:19:48 UTC 2012


I disagree. Linux (a distro) non-power users delete their users, who have
data outside their home directories because they don't understand NOT to
do that, add users, UIDs get reused, and they are vulnerable. Systems
should be at least somewhat idiot-proof for security.

https://bugs.launchpad.net/bugs/296532

Title:
  Reuse of a user id causes a transfer of ownership of a file from
  deleted user to newly created user

Status in “adduser” package in Ubuntu:
  Won't Fix
Status in “adduser” package in Debian:
  Confirmed

Bug description:
  Binary package hint: bash

  The scenario goes like this; this is a description of exactly what I
  did. User test existed on the system. I delete user test and create
  user test again. Then I go to a folder with rwxrwxrwx permissions that
  is /home/rakesh/test and switch user to test from root. Next I create
  a file hello.sh and give it permissions rwsrwsrwx. After that I exit
  user test and get back to root and delete user test, which results in
  the owner and group of the file changing to 1001, which was the uid & gid
  assigned to test. This is all fine.

  Now, I create user test2 and uid 1001 gets reused. Doing ls -l now
  shows me that hello.sh now has owner test2. Whats even more
  interesting is that the setuid still remains. How is this valid
  behaviour?

  
  Version Info:
  root@rakesh-vm:/home/rakesh/test# uname -a
  Linux rakesh-vm 2.6.24-21-generic #1 SMP Tue Oct 21 23:43:45 UTC 2008 i686 GNU/Linux
  root@rakesh-vm:/home/rakesh/test# cat /etc/issue
  Ubuntu 8.04.1 \n \l

  
  Below is the actual console output:
  -- Start copy paste from console --

  root at rakesh-vm:/home/rakesh# cd
  root at rakesh-vm:~# deluser test
  Removing user `test' ...
  Warning: Removing group `test', since no other user is part of it.
  Done.
  root at rakesh-vm:~# clear
  root at rakesh-vm:~# clear
  root at rakesh-vm:~# adduser test
  Adding user `test' ...
  Adding new group `test' (1001) ...
  Adding new user `test' (1001) with group `test' ...
  The home directory `/home/test' already exists.  Not copying from `/etc/skel'.
  Enter new UNIX password:
  Retype new UNIX password:
  passwd: password updated successfully
  Changing the user information for test
  Enter the new value, or press ENTER for the default
          Full Name []:
          Room Number []:
          Work Phone []:
          Home Phone []:
          Other []:
  Is the information correct? [y/N] y
  root at rakesh-vm:~# cd /home/rakesh/test
  root at rakesh-vm:/home/rakesh/test# ls
  root at rakesh-vm:/home/rakesh/test# su test
  test at rakesh-vm:/home/rakesh/test$ vim hello.sh
  test at rakesh-vm:/home/rakesh/test$ cat hello.sh
  echo $HOME
  test at rakesh-vm:/home/rakesh/test$ ls -l hello.sh
  -rw-r--r-- 1 test test 11 2008-11-10 17:21 hello.sh
  test at rakesh-vm:/home/rakesh/test$ chmod 777 hello.sh
  test at rakesh-vm:/home/rakesh/test$ chmod +s hello.sh
  test at rakesh-vm:/home/rakesh/test$ ls -l
  total 4
  -rwsrwsrwx 1 test test 11 2008-11-10 17:21 hello.sh
  test at rakesh-vm:/home/rakesh/test$ exit
  exit
  root at rakesh-vm:/home/rakesh/test# sh hello.sh
  /root
  root at rakesh-vm:/home/rakesh/test# ls -l
  total 4
  -rwsrwsrwx 1 test test 11 2008-11-10 17:21 hello.sh
  root at rakesh-vm:/home/rakesh/test# deluser test
  Removing user `test' ...
  Warning: Removing group `test', since no other user is part of it.
  Done.
  root at rakesh-vm:/home/rakesh/test# ls -l
  total 4
  -rwsrwsrwx 1 1001 1001 11 2008-11-10 17:21 hello.sh
  root at rakesh-vm:/home/rakesh/test# adduser test2
  Adding user `test2' ...
  Adding new group `test2' (1001) ...
  Adding new user `test2' (1001) with group `test2' ...
  Creating home directory `/home/test2' ...
  Copying files from `/etc/skel' ...
  Enter new UNIX password:
  Retype new UNIX password:
  passwd: password updated successfully
  Changing the user information for test2
  Enter the new value, or press ENTER for the default
          Full Name []:
          Room Number []:
          Work Phone []:
          Home Phone []:
          Other []:
  Is the information correct? [y/N] y
  root at rakesh-vm:/home/rakesh/test# ls -l
  total 4
  -rwsrwsrwx 1 test2 test2 11 2008-11-10 17:21 hello.sh
  root at rakesh-vm:/home/rakesh/test# uname -a
  Linux rakesh-vm 2.6.24-21-generic #1 SMP Tue Oct 21 23:43:45 UTC 2008 i686 GNU/Linux
  root at rakesh-vm:/home/rakesh/test# cat /etc/issue
  Ubuntu 8.04.1 \n \l

  root at rakesh-vm:/home/rakesh/test#

  -- End copy paste from console --
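
An added example, not part of the bug report or of adduser: a check for the leftover state the report describes, files that still carry the numeric uid/gid of a deleted account (with any setuid/setgid bits), to be run before that id is given to a new user. The function names and the known_uids/known_gids parameters are this example's own assumptions.

```python
import grp
import os
import pwd
import stat
import sys
from typing import Iterator, NamedTuple, Tuple


class Orphan(NamedTuple):
    path: str
    uid: int
    gid: int
    special: Tuple[str, ...]  # any of "setuid", "setgid"


def special_bits(mode: int) -> Tuple[str, ...]:
    """Report the setuid/setgid bits present in an st_mode value."""
    names = ((stat.S_ISUID, "setuid"), (stat.S_ISGID, "setgid"))
    return tuple(name for bit, name in names if mode & bit)


def find_orphans(root, known_uids=None, known_gids=None) -> Iterator[Orphan]:
    """Yield entries under root whose uid or gid maps to no account.

    known_uids/known_gids default to the passwd and group databases as seen
    through NSS; passing them explicitly is a convenience of this example.
    """
    if known_uids is None:
        known_uids = {p.pw_uid for p in pwd.getpwall()}
    if known_gids is None:
        known_gids = {g.gr_gid for g in grp.getgrall()}
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            try:
                st = os.lstat(path)  # lstat: do not follow symlinks
            except OSError:
                continue  # entry vanished or is unreadable
            if st.st_uid not in known_uids or st.st_gid not in known_gids:
                yield Orphan(path, st.st_uid, st.st_gid, special_bits(st.st_mode))


def id_is_free(new_id: int, roots, known_uids=None, known_gids=None) -> bool:
    """True if no orphaned entry under roots still carries new_id as uid or gid."""
    return not any(new_id in (o.uid, o.gid)
                   for root in roots
                   for o in find_orphans(root, known_uids, known_gids))


if __name__ == "__main__":
    for o in find_orphans(sys.argv[1] if len(sys.argv) > 1 else "/home"):
        print(o.uid, o.gid, ",".join(o.special) or "-", o.path)
```

On hosts where accounts come from a directory service with enumeration disabled, pass the id sets explicitly, since getpwall() may not list those accounts.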
