[Bug 1188820] Re: shadow file permissions broken

Ben Howard ben.howard at canonical.com
Wed Aug 7 13:05:33 UTC 2013 

** Description changed:

+ [Impact]: WALinuxAgent, when provisioning, may delete the root password.
+ However, in doing so, it changes the permissions of the shadow file from
+ 0400 to 000.
+ 
+ [Regression]: This change simple sets the proper permission on
+ /etc/shadow.
+ 
+ [Test Case]: Make sure that the permissions are 0400.
+ 
+ [Originial Report]:
+ 
  inside an azure instance:
  
  $ ls -altr /etc/shadow
  ---------- 1 root root 902 Jun  7 20:23 /etc/shadow
  
- 
  /usr/sbin/waagent has:
  def DeleteRootPassword():
-     filepath="/etc/shadow"
-     ReplaceFileContentsAtomic(filepath, "root:*LOCK*:14600::::::\n" + "\n".join(filter(lambda a: not
-         a.startswith("root:"),
-         GetFileContents(filepath).split('\n'))))
-     os.chmod(filepath, 0000)
-     if IsRedHat():
-         Run("chcon system_u:object_r:shadow_t:s0 " + filepath)
-     Log("Root password deleted.")
- 
+     filepath="/etc/shadow"
+     ReplaceFileContentsAtomic(filepath, "root:*LOCK*:14600::::::\n" + "\n".join(filter(lambda a: not
+         a.startswith("root:"),
+         GetFileContents(filepath).split('\n'))))
+     os.chmod(filepath, 0000)
+     if IsRedHat():
+         Run("chcon system_u:object_r:shadow_t:s0 " + filepath)
+     Log("Root password deleted.")
  
  more correct permissions on that file would be:
  $ ls -altr /etc/shadow
  -rw-r----- 1 root shadow 1497 May 29 16:51 /etc/shadow
  
  ProblemType: Bug
  DistroRelease: Ubuntu 13.04
  Package: walinuxagent 1.3.2-0ubuntu1 [modified: usr/sbin/waagent]
  ProcVersionSignature: Ubuntu 3.8.0-23.34-generic 3.8.11
  Uname: Linux 3.8.0-23-generic x86_64
  ApportVersion: 2.9.2-0ubuntu8
  Architecture: amd64
  Date: Fri Jun  7 20:32:03 2013
  MarkForUpload: True
  ProcEnviron:
-  TERM=screen
-  PATH=(custom, no user)
-  LANG=en_US.UTF-8
-  SHELL=/bin/bash
+  TERM=screen
+  PATH=(custom, no user)
+  LANG=en_US.UTF-8
+  SHELL=/bin/bash
  SourcePackage: walinuxagent
  UpgradeStatus: No upgrade log present (probably fresh install)

-- 
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to walinuxagent in Ubuntu.
https://bugs.launchpad.net/bugs/1188820

Title:
  shadow file permissions broken

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/walinuxagent/+bug/1188820/+subscriptions

More information about the Ubuntu-server-bugs mailing list