diff options
| author | Jim Meyering <meyering@redhat.com> | 2012-04-27 13:28:32 +0200 |
|---|---|---|
| committer | Jim Meyering <meyering@redhat.com> | 2012-04-27 19:54:03 +0200 |
| commit | 032a549481444395558286b433296c97c09c721d (patch) | |
| tree | 9fcec7e2cd465fc8a49130cb677d593bffb41bc5 /tests | |
| parent | 8f6c5d43273de862dda88e9894486a82b75a804e (diff) | |
| download | coreutils-032a549481444395558286b433296c97c09c721d.tar.xz | |
id,groups: with no user name, print only real and/or effective IDs,
... i.e., don't use the getpw* functions.
Before this change, running groups or id with no user name argument
would include a group name or ID from /etc/passwd. Thus, under unusual
circumstances (default group is changed, but has not taken effect for a
given session), those programs could print a name or ID that is neither
real nor effective.
To demonstrate, run this:
echo 'for i in 1 2; do id -G; sleep 1.5; done' \
|su -s /bin/sh ftp - &
sleep 1; perl -pi -e 's/^(ftp:x:\d+):(\d+)/$1:9876/' /etc/passwd
Those id -G commands printed the following:
50
50 9876
With this change, they print this:
50
50
Similarly, running those programs set-GID could make them
print one ID too many.
* src/group-list.c (print_group_list): When username is NULL, pass
egid, not getpwuid(ruid)->pw_gid), to xgetgroups, per the API
requirements of xgetgroups callee, mgetgroups.
When not using the password database, don't call getpwuid.
* NEWS (Bug fixes): Mention it.
* tests/misc/id-setgid: New file.
* tests/Makefile.am (TESTS): Add it.
(root_tests): It's a root-only test, so add it here, too.
Originally reported by Brynnen Owen as http://bugs.gnu.org/7320.
Raised again by Marc Mengel in http://bugzilla.redhat.com/816708.
Diffstat (limited to 'tests')
| -rw-r--r-- | tests/Makefile.am | 2 | ||||
| -rwxr-xr-x | tests/misc/id-setgid | 34 |
2 files changed, 36 insertions, 0 deletions
diff --git a/tests/Makefile.am b/tests/Makefile.am index ce2366b58..72717e318 100644 --- a/tests/Makefile.am +++ b/tests/Makefile.am @@ -36,6 +36,7 @@ root_tests = \ ls/nameless-uid \ misc/chcon \ misc/chroot-credentials \ + misc/id-setgid \ misc/selinux \ misc/truncate-owned-by-other \ mkdir/writable-under-readonly \ @@ -198,6 +199,7 @@ TESTS = \ misc/head-pos \ misc/id-context \ misc/id-groups \ + misc/id-setgid \ misc/md5sum \ misc/md5sum-bsd \ misc/md5sum-newline \ diff --git a/tests/misc/id-setgid b/tests/misc/id-setgid new file mode 100755 index 000000000..12fab381b --- /dev/null +++ b/tests/misc/id-setgid @@ -0,0 +1,34 @@ +#!/bin/sh +# Verify that id -G prints the right group when run set-GID. + +# Copyright (C) 2012 Free Software Foundation, Inc. + +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. + +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. + +# You should have received a copy of the GNU General Public License +# along with this program. If not, see <http://www.gnu.org/licenses/>. + +. "${srcdir=.}/init.sh"; path_prepend_ ../src +print_ver_ id +require_root_ + +g=$(id -u $NON_ROOT_USERNAME) || framework_failure_ + +# Construct a different group number. +gp1=$(expr $g + 1) + +echo $gp1 > exp || framework_failure_ + +setuidgid -g $gp1 $NON_ROOT_USERNAME env PATH="$PATH" id -G > out || fail=1 +compare exp out || fail=1 +# With coreutils-8.16 and earlier, id -G would print both: $gp1 $g + +Exit $fail |