Re: pw keeps setting /etc/group to 0600

From: Baptiste Daroussin <bapt_at_freebsd.org>
Date: Tue, 20 Nov 2012 08:24:59 +0100
On Mon, Nov 19, 2012 at 11:37:45PM +0100, Baptiste Daroussin wrote:
> On Mon, Nov 19, 2012 at 11:28:43PM +0100, Mateusz Guzik wrote:
> > On Sat, Nov 17, 2012 at 11:20:21AM -0500, Ryan Stone wrote:
> > > My original complaint that /etc/group gets permissions of 0600 is a result
> > > of a bug in libutil, which bapt_at_ ported pw to use in r242349.  The new
> > > group manipulation API using mktemp to create a temporary file, writes the
> > > new group database to the temp file and then renames the temp file to
> > > /etc/group.  The problem here is that mktemp creates a file with a mode of
> > > 600, and libutil never chmods it.  That should be pretty trivial to fix.
> > 
> > My additional 0,03$:
> > 
> > I took closer look to this and I think that problems are much broader
> > than this. I don't know if similar problems were present before.
> > 
> > First, pw should not fail if other instance is running, it should wait
> > instead (think of parallel batch scripts adding some users/groups).
> > 
> > Second, current code has a race:
> > lockfd = open(group_file, O_RDONLY, 0);
> > if (lockfd < 0 || fcntl(lockfd, F_SETFD, 1) == -1)
> > 	err(1, "%s", group_file);
> > if (flock(lockfd, LOCK_EX|LOCK_NB) == -1) {
> > [..]
> > gr_copy(pfd, tfd, gr, old_gr); /* copy from groupfile to tempfile */
> > [..]
> > rename(tempfile,groupfile);
> > 
> > Now let's consider threads A and B:
> > 
> > A: open()
> > A: lock();
> > A: gr_copy
> > B: open()
> > 
> > Now B has file descriptor to /etc/group that is about to be removed.
> > 
> > A: rename()
> > A: unlock()
> > B: lock()
> > 
> > Now B has a lock on unlinked file.
> > 
> > B: gr_copy()
> > B: rename()
> > 
> > ... and stores new content losing modifications done by A
> > 
> > Third, I don't like current api.
> > gr_lock and gr_tmp have no arguments (that matter anyway)
> > gr_copy operates on two descriptors given as arguments
> > gr_mkdb takes nothing and is expected to do The Right Thing
> 
> gr_mkdb should chmod 0644 after renaming if rename worked.
> 
> I should work on this soon.
> 
> The API has been design to match the exact same api of pw_utils, I don't like it
> either but at least this is consistent.
> 
> regards,
> Bapt


Should be fixed now,

regards,
Bapt

Received on Tue Nov 20 2012 - 06:25:04 UTC

This archive was generated by hypermail 2.4.0 : Wed May 19 2021 - 11:40:32 UTC