Date: Fri, 20 Feb 2004 22:24:57 -0800 (PST) From: Paul <pprocacci@datapipe.com> To: freebsd-gnats-submit@FreeBSD.org Subject: bin/63160: chown failed to chown valid files/dirs to valid username Message-ID: <200402210624.i1L6OvuR038618@www.freebsd.org> Resent-Message-ID: <200402210630.i1L6UKI2016990@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
>Number: 63160 >Category: bin >Synopsis: chown failed to chown valid files/dirs to valid username >Confidential: no >Severity: serious >Priority: medium >Responsible: freebsd-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: sw-bug >Submitter-Id: current-users >Arrival-Date: Fri Feb 20 22:30:19 PST 2004 >Closed-Date: >Last-Modified: >Originator: Paul >Release: 5.1-RELEASE-p11 >Organization: DataPipe >Environment: FreeBSD Lucky 5.1-RELEASE-p11 FreeBSD 5.1-RELEASE-p11 #0: Tue Jan 27 14:11:27 EST 2004 root@Lucky:/usr/obj/usr/src/sys/LUCKY i386 >Description: chown'ing a directory as such: chown nobody /path/to/directory fails. ############################### Lucky# ./chown nobody /usr/local/samba chown: nobody: Invalid argument ############################### Lucky# fgrep nobody /etc/passwd nobody:*:65534:65534:Unprivileged user:/nonexistent:/sbin/nologin ######################################## In /usr/src/usr.sbin/chown/chown.c line 262 it reads: val = strtoul(name, &ep, 10); man strtoul reads that the value of this function if an error returns will always return ERANGE. Adding if (errno == ERANGE) puts("Debug"); yeilds nothing. Adding printf("%d %d\n", ERANGE, errno); is showing EINVAL being returned. This looks like a bug in strtoul, as "name" (nobdoy), should be easily converted to an unsigned long val. >How-To-Repeat: run chown name dir where name is a name as in nobody and the uid, in my example is 65534. >Fix: >Release-Note: >Audit-Trail: >Unformatted:
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200402210624.i1L6OvuR038618>