[Bug 4496] New: passwd applet ruins UID field in /etc/passwd

bugzilla at busybox.net bugzilla at busybox.net
Fri Nov 18 10:46:23 UTC 2011 

https://bugs.busybox.net/show_bug.cgi?id=4496

           Summary: passwd applet ruins UID field in /etc/passwd
           Product: Busybox
           Version: 1.19.x
          Platform: Other
        OS/Version: Linux
            Status: NEW
          Severity: major
          Priority: P5
         Component: Other
        AssignedTo: unassigned at busybox.net
        ReportedBy: jmkok at youcom.nl
                CC: busybox-cvs at busybox.net
   Estimated Hours: 0.0


When changing the password for a user, the UID field (in /etc/passwd) is
overwritten by the "date of last password change" (from /etc/shadow).

[/etc/passwd] before:
root:x:0:0:root:/root:/bin/sh

Now I execute:
passwd -d root

And /etc/passwd 
root:x:15296:0:root:/root:/bin/sh
(note: 15296 is the day which is normally to be set in the "shadow" file)

After some bugtracking I ended up in "update_passwd.c". The update_passwd() is
used for both updating the passwd as well as the shadow file.

It seems that the following line is strangely not working the second time the
function is run:
const char *shadow = strstr(filename, "shadow");

I added the following debug lines to the code:
+       printf("filename: %s (%p)\n", filename, filename);
        const char *shadow = strstr(filename, "shadow");
+       printf("shadow: %s (%p)\n", shadow, shadow);

compiled it, and ran it:

~# passwd -d root
filename: /etc/shadow (0x9e923)
shadow: shadow (0x9e928)
filename: /etc/passwd (0x9e917)
shadow: shadow (0x9e928)
Password for root changed by root

The bizar thing is that you see that the second us of strstr(filename,
"shadow") actually returns the pointer of the first strstr(filename, "shadow").

This must be a compiler or linker optimization...

As a result the update_passwd() thinks it is updating the shadow file instead
of the passwd file, and incorrectly setting the 2nd field in this file...

More info:
platform: ARM9
compiler: arm-none-linux-gnueabi v4.5.2 (Sourcery G++ Lite 2011.03-41)

Tried the following with no avail:
- removed the "FAST_FUNC" attribute
- compiled using gcc version 4.4.1 (Sourcery G++ Lite 2009q3-67)

-- 
Configure bugmail: https://bugs.busybox.net/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.

More information about the busybox-cvs mailing list