newgrp segfaults on exit when default group isn't in /etc/groups

Bug #130205 reported by Robert Rich
Affects          Status     Importance  Assigned to  Milestone
shadow (Ubuntu)  Confirmed  Low         Unassigned

Bug Description

If a user's default group isn't in /etc/group, and they newgrp to a new group, exiting back to login shell causes a segfault in newgrp.

Not sure if it's a security vulnerability, but it's a segfault in a setuid binary.

Robert Rich (rrich) wrote :

wrong package, should have been 'login'...sorry

Kees Cook (kees) wrote :

Thanks for reporting this bug. This appears to be a NULL dereference, and does not seem exploitable. I have unmarked it security/private. Please feel free to report other bugs you may find.

$ ps auwwx | grep newgrp
root 23490 0.0 0.0 21900 1064 pts/13 S 14:09 0:00 newgrp testing
$ sudo gdb $(which newgrp) 23490
...
0x00002b81453ebb05 in waitpid () from /lib/libc.so.6
(gdb) cont
Continuing.
Program received signal SIGSEGV, Segmentation fault.
0x0000000000402903 in ?? ()
(gdb) info reg
rax 0x0 0
...
(gdb) x/5i $pc
0x402903 <_IO_putc@plt+3123>: mov (%rax),%r9

Changed in shadow:
importance: Undecided → Low
status: New → Confirmed
Robert Rich (rrich) wrote : RE: [Bug 130205] Re: newgrp segfaults on exit when default group isn't in /etc/groups

Awesome...I didn't want to cry wolf but didn't have the chops to figure it out myself.

Thanks!

Bob

-----Original Message-----
From: <email address hidden> [mailto:<email address hidden>] On Behalf Of Kees Cook
Sent: Monday, August 06, 2007 5:13 PM
To: Robert Rich
Subject: [Bug 130205] Re: newgrp segfaults on exit when default group isn't in /etc/groups

** Changed in: shadow (Ubuntu)
   Importance: Undecided => Low
       Status: New => Confirmed

** Visibility changed to: Public

** This bug is no longer flagged as a security issue

--
newgrp segfaults on exit when default group isn't in /etc/groups
https://bugs.launchpad.net/bugs/130205

Nicolas François (nekral-lists) wrote :

This was fixed in upstream 4.1.1.

No security implications were foreseen at that time either.
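
Added example, not part of the original report or of the shadow project's code: a small audit for the trigger condition described in the bug, accounts whose primary GID has no entry in the group file. The sample data is constructed, the function names are hypothetical, and the check reads only flat passwd/group text, so groups served from other NSS sources are not consulted.

```python
"""Audit: accounts whose primary GID is missing from the group database."""
import sys

# Constructed sample data in /etc/passwd and /etc/group format.
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
alice:x:1000:1000:Alice:/home/alice:/bin/bash
bob:x:1001:4242:Bob:/home/bob:/bin/bash
# comment line
broken-line-without-fields
carol:x:1002:notanumber:Carol:/home/carol:/bin/sh
"""
SAMPLE_GROUP = """\
root:x:0:
alice:x:1000:
testing:x:2000:bob
"""

def parse_group_gids(group_text):
    """Return the set of numeric GIDs defined in group-format text."""
    gids = set()
    for line in group_text.splitlines():
        fields = line.split(":")
        # name:passwd:gid:members; skip comments and malformed entries
        if line.startswith("#") or len(fields) < 3 or not fields[2].isdecimal():
            continue
        gids.add(int(fields[2]))
    return gids

def orphaned_primary_groups(passwd_text, group_text):
    """Return ([(user, gid)], [malformed passwd line numbers])."""
    known = parse_group_gids(group_text)
    orphans, malformed = [], []
    for lineno, line in enumerate(passwd_text.splitlines(), 1):
        if not line.strip() or line.startswith("#"):
            continue
        fields = line.split(":")
        # name:passwd:uid:gid:gecos:home:shell
        if len(fields) != 7 or not fields[3].isdecimal():
            malformed.append(lineno)
            continue
        if int(fields[3]) not in known:
            orphans.append((fields[0], int(fields[3])))
    return orphans, malformed

if __name__ == "__main__":
    # Usage: script.py [passwd_file group_file]; falls back to the samples.
    texts = [open(p).read() for p in sys.argv[1:3]] if len(sys.argv) == 3 \
        else [SAMPLE_PASSWD, SAMPLE_GROUP]
    orphans, malformed = orphaned_primary_groups(*texts)
    for user, gid in orphans:
        print(f"{user}: primary gid {gid} has no group entry")
    for n in malformed:
        print(f"passwd line {n}: malformed, skipped")
```
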
