Package: uidmap
Version: 1:4.18.0-2
Severity: important
Tags: patch
X-Debbugs-Cc: [email protected], [email protected], [email protected]
Control: affects -1 sbuild

Hi,

Since version 0.91.6, sbuild started to use getsubids to parse
/etc/subgid [1]. The format of this file is supposed to be [2]:

  login name or UID : numerical subordinate group ID : numerical subordinate group ID count

Unfortunately getsubids parses it as login name or *GID*. This breaks
when this file contains UID and when UID != GID:

$ id buildd
uid=2952(buildd) gid=1009(buildd) groupes=1009(buildd),115(sbuild)
$ grep 2952 /etc/subgid 
2952:193462272:65536
$ getsubids -g buildd
Error fetching ranges

Fortunately it seems that newgidmap parses the file correctly, so this
is not a security issue.

The following untested patch should fix the issue (which means that
get_owner_id() can be simplified, as this is the only caller):

--- shadow-4.19.3.orig/lib/subordinateio.c
+++ shadow-4.19.3/lib/subordinateio.c
@@ -908,7 +908,7 @@ int list_owner_ranges(const char *owner,
                return -1;
        }
 
-       have_owner_id = get_owner_id(owner, id_type, id);
+       have_owner_id = get_owner_id(owner, ID_TYPE_UID, id);
 
        commonio_rewind(db);
        while (NULL != (range = commonio_next(db))) {
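Review bot: at the changed call in list_owner_ranges(), hard-coding ID_TYPE_UID means get_owner_id() only ever receives one constant id type if, as the message says, this is its only caller, so the id_type parameter should be dropped from get_owner_id() in the same patch rather than left as a dead argument. A short comment at the call would also help, stating that the owner field is a login name or UID for subgid as well, since passing a UID type while listing group ranges will otherwise look like a typo. The patch is marked untested and its paths say shadow-4.19.3 while the report is filed against 1:4.18.0-2, so it should be checked against the packaged source with a numeric-UID entry where UID != GID, such as the buildd case above.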

Regards
Aurelien

[1] https://salsa.debian.org/debian/sbuild/-/commit/590c06cd5a76b6758606cc30fea075816edda468
[2] https://manpages.debian.org/unstable/passwd/subgid.5.en.html

_______________________________________________
Pkg-shadow-devel mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/pkg-shadow-devel
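
The owner-field mismatch described in this report, as an added example that is not part of the original message and is not shadow's code. It uses a constructed account table in place of the real user database; `count_ranges`, `owner_kind` and the sample data are hypothetical names.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed account mirroring the report: uid=2952, gid=1009. */
struct account { const char *name; unsigned long uid, gid; };
static const struct account ACCOUNTS[] = { { "buildd", 2952, 1009 } };
/* Constructed /etc/subgid content: the UID-keyed entry from the report. */
static const char SUBGID[] = "2952:193462272:65536\n";

enum owner_kind { OWNER_AS_UID, OWNER_AS_GID };

/* Count ranges in `file` owned by `login`; a numeric owner field is compared
 * with the account's UID or GID depending on `kind`. -1 if login is unknown. */
int count_ranges(const char *file, const char *login, enum owner_kind kind)
{
    const struct account *acct = NULL;   /* stand-in for getpwnam() */
    for (size_t i = 0; i < sizeof ACCOUNTS / sizeof ACCOUNTS[0]; i++)
        if (strcmp(ACCOUNTS[i].name, login) == 0)
            acct = &ACCOUNTS[i];
    if (acct == NULL)
        return -1;
    unsigned long id = (kind == OWNER_AS_UID) ? acct->uid : acct->gid;
    int found = 0;
    for (const char *line = file; *line != '\0'; ) {
        char owner[64], *end;
        unsigned long start, count;
        /* owner : first subordinate ID : count */
        if (sscanf(line, "%63[^:\n]:%lu:%lu", owner, &start, &count) == 3) {
            unsigned long n = strtoul(owner, &end, 10);
            int numeric = (end != owner && *end == '\0');
            if (strcmp(owner, login) == 0 || (numeric && n == id))
                found++;
        }
        const char *nl = strchr(line, '\n');
        line = nl ? nl + 1 : line + strlen(line);
    }
    return found;
}

int main(void)
{
    printf("owner as UID: %d, owner as GID: %d\n",
           count_ranges(SUBGID, "buildd", OWNER_AS_UID),
           count_ranges(SUBGID, "buildd", OWNER_AS_GID));
    return 0;
}
```

A name-keyed entry matches under either interpretation, which is why the mismatch only shows up when the file uses numeric UIDs and UID != GID.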
