From owner-freebsd-i386@FreeBSD.ORG Tue May 18 21:20:01 2010
Message-Id: <201005182111.o4ILBQIM025066@www.freebsd.org>
Date: Tue, 18 May 2010 21:11:26 GMT
From: Paul Rascagneres
To: freebsd-gnats-submit@FreeBSD.org
Subject: i386/146718: We can create a file in /etc with simple user using chpass
List-Id: I386-specific issues for FreeBSD

>Number: 146718
>Category: i386
>Synopsis: We can create a file in /etc with simple user using chpass
>Confidential: no
>Severity: non-critical
>Priority: low
>Responsible: freebsd-i386
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Tue May 18 21:20:01 UTC 2010
>Closed-Date:
>Last-Modified:
>Originator: Paul Rascagneres
>Release: FreeBSD 8.0
>Organization: -
>Environment:
FreeBSD freebsd-laptop 8.0-STABLE FreeBSD 8.0-STABLE #1: Thu May 13 18:40:45 UTC 2010 root@freebsd-laptop:/usr/obj/usr/src/sys/POL_DTRACE i386
>Description:
We can create a file in /etc by killing chpass.
Example on my website: http://www.r00ted.com/doku.php?id=0day_freebsd_chpass

Example:

On xterm 1:
[pol@freebsd-laptop]$ export EDITOR=vi
[pol@freebsd-laptop]$ chpass
#Changing user information for pol.
Shell: /usr/local/bin/bash
Full Name: User &
Office Location:
Office Phone:
Home Phone:
Other information:

On xterm 2:
[pol@freebsd-laptop ~]$ ps aux | grep chpass
root 1736 0.0 0.1 3504 1276 2 SN+ 11:56PM 0:00.00 chpass
pol 1739 0.0 0.1 3496 1260 4 SN+ 11:56PM 0:00.00 grep chpass
[pol@freebsd-laptop ~]$ pstree 1736
-+= 01736 root chpass
 \--- 01737 pol vi /etc/pw.Iu09aU
[pol@freebsd-laptop ~]$ kill -9 01736

After the kill, the file is not removed from /etc:
[pol@freebsd-laptop ~]$ ls -l /etc/pw.Iu09aU
-rw------- 1 pol pol 147 May 17 23:56 /etc/pw.Iu09aU

I think it's strange to create a temp file in /etc... Why put it on /tmp?
>How-To-Repeat:
I mentioned it in the full description.
>Fix:
I think you need to modify the tempname in the file /usr/src/lib/libutil/pw_util.c to put it on /tmp
>Release-Note:
>Audit-Trail:
>Unformatted:
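
As an added example (not part of the problem report and not FreeBSD's code): the report kills chpass with `kill -9`, and SIGKILL cannot be caught, so a process killed that way cannot remove its own temp file. The C program below contrasts SIGTERM, where a handler cleans up, with SIGKILL, where the file stays; `leftover_after_signal`, `cleanup` and the `/tmp/pw-demo.XXXXXX` path are names constructed for this illustration.

```c
#define _POSIX_C_SOURCE 200809L
#include <signal.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/wait.h>
#include <unistd.h>

static char tmp_path[64];   /* constructed demo path, not the report's /etc/pw.* */

/* SIGTERM handler: remove the temp file, then exit (both calls are signal-safe). */
static void cleanup(int sig) {
    (void)sig;
    unlink(tmp_path);
    _exit(1);
}

/* Fork a child that creates a temp file, installs the SIGTERM handler and
 * waits, like a program blocked on an editor. Send it `sig` and report what
 * is left on disk: 1 = file left behind, 0 = file removed, -1 = setup error. */
int leftover_after_signal(int sig) {
    int fds[2];
    char path[sizeof tmp_path];
    if (pipe(fds) != 0) return -1;
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {                               /* child */
        close(fds[0]);
        strcpy(tmp_path, "/tmp/pw-demo.XXXXXX");
        if (mkstemp(tmp_path) < 0) _exit(2);
        signal(SIGTERM, cleanup);
        if (write(fds[1], tmp_path, sizeof tmp_path) < 0) _exit(2);
        for (;;) pause();                         /* wait to be signalled */
    }
    close(fds[1]);                                /* parent */
    ssize_t n = read(fds[0], path, sizeof path);  /* blocks until the file exists */
    close(fds[0]);
    kill(pid, n == (ssize_t)sizeof path ? sig : SIGKILL);
    waitpid(pid, NULL, 0);
    if (n != (ssize_t)sizeof path) return -1;
    int left = (access(path, F_OK) == 0);
    unlink(path);          /* only another process can clean up after SIGKILL */
    return left;
}

int main(void) {
    printf("leftover after SIGTERM: %d, after SIGKILL: %d\n",
           leftover_after_signal(SIGTERM), leftover_after_signal(SIGKILL));
    return 0;
}
```

Because the dying process gets no chance to act on SIGKILL, removal of such files has to come from outside it, for example a parent that reaps the child or a periodic sweep for stale temp names.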