Uploaded image for project: 'CFEngine Community'
  1. CFEngine Community
  2. CFE-1521

libpromises Str2Uid/Str2Gid functions ID check

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Done
    • Priority: Medium
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 3.6.1
    • Component/s: Built-in functions
    • Labels:
      None

      Description

      The Str2Uid/Str2Gid functions in libpromises/conversion.c check only the first character of the provided string to see if it is a digit - if so the whole string is treated as an ID. This breaks handling of access/ownership promises for user/group names that start with a digit.

      <pre><code>

      1. groupadd -g 3000 3p-contractor
      2. useradd -g 3p-contractor -u 3000 3p-contractor
      3. touch /tmp/testfile8
      4. chown 3p-contractor:3p-contractor /tmp/testfile8
      5. ll /tmp/testfile8
        rw-rr-. 1 3p-contractor 3p-contractor 0 Jun 17 00:01 /tmp/testfile8
      6. cat test.cf
        body common control {
        bundlesequence => { "go" }

        ;
        }

      bundle agent go {
      files:
      "/tmp/testfile8"
      perms => mog("0644", "3p-contractor", "3p-contractor"),
      create => "true";
      }

      body perms mog(mode, user, group) {
      owners =>

      { "$(user)" }

      ;
      groups =>

      { "$(group)" }

      ;
      mode => "$(mode)";
      }

      1. cf-agent -KIf ./test.cf
        2014-06-17T00:01:55+0200 info: /go/files/'/tmp/testfile8': Owner of '/tmp/testfile8' was 3000, setting to 3
        2014-06-17T00:01:55+0200 info: /go/files/'/tmp/testfile8': Group of '/tmp/testfile8' was 3000, setting to 3
      2. ll /tmp/testfile8
        rw-rr-. 1 adm sys 0 Jun 17 00:01 /tmp/testfile8
      3. grep ':x:3:' /etc/passwd /etc/group
        /etc/passwd:adm:x:3:4:adm:/var/adm:/sbin/nologin
        /etc/group:sys:x:3:bin,adm
        </pre></code>

      The workaround is to specify UID/GIDs rather than user/group names.

      See https://github.com/cfengine/core/pull/1756

        Attachments

          Activity

            People

            Assignee:
            a10040 Kristian Amlie
            Reporter:
            gwall Gary Wall (Inactive)
            Votes:
            0 Vote for this issue
            Watchers:
            0 Start watching this issue

              Dates

              Created:
              Updated:
              Resolved: