[Bug 296532] Re: Reuse of a user id causes a transfer of ownership of a file from deleted user to newly created user
Robert Arkenin
296532 at bugs.launchpad.net
Thu Jun 21 18:19:48 UTC 2012
I disagree. Linux(a distro) non-power users delete their users, who have
data outside their home directories because they don't understand NOT to
do that, add users, UID's get reused, and they are vulnerable. Systems
should beat least somewhat idiot-proof for security.
--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to adduser in Ubuntu.
https://bugs.launchpad.net/bugs/296532
Title:
Reuse of a user id causes a transfer of ownership of a file from
deleted user to newly created user
Status in “adduser” package in Ubuntu:
Won't Fix
Status in “adduser” package in Debian:
Confirmed
Bug description:
Binary package hint: bash
The scenario goes like this; this is a description of exactly what I
did. User test existed on the system. I delete user test and create
user test again. Then i go to a folder with rwxrwxrwx permissions that
is /home/rakesh/test and switch user to test from root. Next I create
a file hello.sh and give it permissions rwsrwsrwx. After that I exit
user test and get back to root and delete user test, which results in
the owner and group of the file changing to 1001 which was the uid&gid
assigned to test. This is all fine.
Now, I create user test2 and uid 1001 gets reused. Doing ls -l now
shows me that hello.sh now has owner test2. Whats even more
interesting is that the setuid still remains. How is this valid
behaviour?
Version Info:
root at rakesh-vm:/home/rakesh/test# uname -a
Linux rakesh-vm 2.6.24-21-generic #1 SMP Tue Oct 21 23:43:45 UTC 2008 i686 GNU/Linux
root at rakesh-vm:/home/rakesh/test# cat /etc/issue
Ubuntu 8.04.1 \n \l
Below is the actual console output:
-- Start copy paste from console --
root at rakesh-vm:/home/rakesh# cd
root at rakesh-vm:~# deluser test
Removing user `test' ...
Warning: Removing group `test', since no other user is part of it.
Done.
root at rakesh-vm:~# clear
root at rakesh-vm:~# clear
root at rakesh-vm:~# adduser test
Adding user `test' ...
Adding new group `test' (1001) ...
Adding new user `test' (1001) with group `test' ...
The home directory `/home/test' already exists. Not copying from `/etc/skel'.
Enter new UNIX password:
Retype new UNIX password:
passwd: password updated successfully
Changing the user information for test
Enter the new value, or press ENTER for the default
Full Name []:
Room Number []:
Work Phone []:
Home Phone []:
Other []:
Is the information correct? [y/N] y
root at rakesh-vm:~# cd /home/rakesh/test
root at rakesh-vm:/home/rakesh/test# ls
root at rakesh-vm:/home/rakesh/test# su test
test at rakesh-vm:/home/rakesh/test$ vim hello.sh
test at rakesh-vm:/home/rakesh/test$ cat hello.sh
echo $HOME
test at rakesh-vm:/home/rakesh/test$ ls -l hello.sh
-rw-r--r-- 1 test test 11 2008-11-10 17:21 hello.sh
test at rakesh-vm:/home/rakesh/test$ chmod 777 hello.sh
test at rakesh-vm:/home/rakesh/test$ chmod +s hello.sh
test at rakesh-vm:/home/rakesh/test$ ls -l
total 4
-rwsrwsrwx 1 test test 11 2008-11-10 17:21 hello.sh
test at rakesh-vm:/home/rakesh/test$ exit
exit
root at rakesh-vm:/home/rakesh/test# sh hello.sh
/root
root at rakesh-vm:/home/rakesh/test# ls -l
total 4
-rwsrwsrwx 1 test test 11 2008-11-10 17:21 hello.sh
root at rakesh-vm:/home/rakesh/test# deluser test
Removing user `test' ...
Warning: Removing group `test', since no other user is part of it.
Done.
root at rakesh-vm:/home/rakesh/test# ls -l
total 4
-rwsrwsrwx 1 1001 1001 11 2008-11-10 17:21 hello.sh
root at rakesh-vm:/home/rakesh/test# adduser test2
Adding user `test2' ...
Adding new group `test2' (1001) ...
Adding new user `test2' (1001) with group `test2' ...
Creating home directory `/home/test2' ...
Copying files from `/etc/skel' ...
Enter new UNIX password:
Retype new UNIX password:
passwd: password updated successfully
Changing the user information for test2
Enter the new value, or press ENTER for the default
Full Name []:
Room Number []:
Work Phone []:
Home Phone []:
Other []:
Is the information correct? [y/N] y
root at rakesh-vm:/home/rakesh/test# ls -l
total 4
-rwsrwsrwx 1 test2 test2 11 2008-11-10 17:21 hello.sh
root at rakesh-vm:/home/rakesh/test# uname -a
Linux rakesh-vm 2.6.24-21-generic #1 SMP Tue Oct 21 23:43:45 UTC 2008 i686 GNU/Linux
root at rakesh-vm:/home/rakesh/test# cat /etc/issue
Ubuntu 8.04.1 \n \l
root at rakesh-vm:/home/rakesh/test#
-- End copy paste from console --
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/adduser/+bug/296532/+subscriptions
More information about the foundations-bugs
mailing list