Bug 454079 - luseradd allows to create user called ".."
Summary: luseradd allows to create user called ".."
Keywords:
Status: CLOSED WONTFIX
Alias: None
Product: Red Hat Enterprise Linux 4
Classification: Red Hat
Component: libuser
Version: 4.6
Hardware: All
OS: Linux
medium
medium
Target Milestone: rc
: ---
Assignee: Miloslav Trmač
QA Contact:
URL:
Whiteboard:
Depends On:
Blocks:
Reported: 2008-07-04 13:12 UTC by Milos Malik
Modified: 2012-06-20 13:19 UTC (History)
0 users

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2012-06-20 13:19:40 UTC
Target Upstream Version:



Description Milos Malik 2008-07-04 13:12:45 UTC
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.1.14) Gecko/20080416 Fedora/2.0.0.14-1.fc8 Firefox/2.0.0.14

Description of problem:
The luseradd command allows creating a user called ".." and the luserdel command allows removing the user.

I know that POSIX allows usernames with dot(s), but a username containing dots only can be dangerous. There should be some check in these utilities.

I think that administrators are aware of possible problems with such names, but if these utilities are called in some script which takes usernames from an input file, they can cause a lot of damage.

Version-Release number of selected component (if applicable):
libuser-0.52.5-1.el4.3

How reproducible:
Always


Steps to Reproduce:
1. luseradd ..    # do NOT try on machine with important data !!!
2. luserdel -r .. # do NOT try on machine with important data !!!
3. ls -al /

Actual Results:
1. The user was created.
2. The user was removed together with its home directory which is /home/../
3. ls was not found.

Expected Results:
1. luseradd exits with an error message "invalid username".
2. luserdel exits with an error message "invalid username".
3. ls prints file and directory names as usual.

Additional info:
Tested on RHTS machine nec-em8.rhts.bos.redhat.com with fresh installation of RHEL4.6:

[root@nec-em8 ~]# luseradd ..
Error creating mail spool.
[root@nec-em8 ~]# ls -al /home/
total 16
drwxr-xr-x   2 root root 4096 Aug 12  2004 .
drwxr-xr-x  23 ..   ..   4096 Jul  4 08:16 ..
[root@nec-em8 ~]# ls -al /
total 198
drwxr-xr-x   23 ..   ..    4096 Jul  4 08:16 .
drwxr-xr-x   23 ..   ..    4096 Jul  4 08:16 ..
-rw-r--r--    1 root root     0 Jul  4 08:13 .autofsck
-rw-r--r--    1 ..   ..      24 Apr  1 13:11 .bash_logout
-rw-r--r--    1 ..   ..     191 Apr  1 13:11 .bash_profile
-rw-r--r--    1 ..   ..     124 Apr  1 13:11 .bashrc
drwxr-xr-x    2 root root  4096 Jul  4 08:07 bin
drwxr-xr-x    4 root root  1024 Jul  4 08:07 boot
drwxr-xr-x   10 root root  6620 Jul  4 08:14 dev
-rw-r--r--    1 ..   ..     383 May  2  2006 .emacs
drwxr-xr-x   68 root root  4096 Jul  4 08:16 etc
drwxr-xr-x    2 root root  4096 Aug 12  2004 home
drwxr-xr-x    2 root root  4096 Aug 12  2004 initrd
drwxr-xr-x   12 root root  4096 Jul  4 08:07 lib
drwx------    2 root root 16384 Jul  4 08:06 lost+found
drwxr-xr-x    4 root root  4096 Jul  4 08:14 media
drwxr-xr-x    2 root root  4096 Jun 19 12:18 misc
drwxr-xr-x    5 root root  4096 Jul  4 08:09 mnt
drwxr-xr-x    2 root root  4096 Aug 12  2004 opt
dr-xr-xr-x  156 root root     0 Jul  4 08:13 proc
drwxr-x---    2 root root  4096 Jul  4 08:09 root
drwxr-xr-x    2 root root 12288 Jul  4 08:07 sbin
drwxr-xr-x    1 root root     0 Jul  4 08:13 selinux
drwxr-xr-x    2 root root  4096 Aug 12  2004 srv
drwxr-xr-x    9 root root     0 Jul  4 08:13 sys
drwxrwxrwt    4 root root  4096 Jul  4 08:14 tmp
drwxr-xr-x   14 root root  4096 Jul  4 08:06 usr
drwxr-xr-x   18 root root  4096 Jul  4 08:07 var
[root@nec-em8 ~]# luserdel -r ..
Error removing /home/..: Error removing `/home/../sys/module/md5/sections/.strtab': Operation not permitted.
[root@nec-em8 ~]# ls -al /
-bash: /bin/ls: No such file or directory
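
A check of the kind the report asks for, as an added example (not libuser's code and not the fix shipped in libuser-0.56.13). The function names, the 32-character limit and the sample names are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical helper: 1 if c is in the POSIX portable filename character
 * set (ASCII letters, digits, '.', '_', '-'), else 0. '/' is not in it. */
static int portable_char(unsigned char c)
{
    return (c >= 'a' && c <= 'z') || (c >= 'A' && c <= 'Z') ||
           (c >= '0' && c <= '9') || c == '.' || c == '_' || c == '-';
}

/* Hypothetical helper: 1 if name is acceptable as an account name that will
 * also be used as a single path component under the home base directory. */
int username_is_valid(const char *name)
{
    size_t i, len;
    int has_non_dot = 0;

    if (name == NULL)
        return 0;
    len = strlen(name);
    if (len == 0 || len > 32)       /* assumed length limit */
        return 0;
    if (name[0] == '-')             /* would be parsed as an option */
        return 0;
    for (i = 0; i < len; i++) {
        if (!portable_char((unsigned char)name[i]))
            return 0;               /* rejects '/', whitespace, control chars */
        if (name[i] != '.')
            has_non_dot = 1;
    }
    return has_non_dot;             /* dots-only names (".", "..") are refused */
}

/* Build "<base>/<name>" only after validation. Returns 0 on success, -1 if
 * the name is refused or the result does not fit in out. */
int build_home_path(const char *base, const char *name, char *out, size_t outlen)
{
    int n;

    if (!username_is_valid(name))
        return -1;
    n = snprintf(out, outlen, "%s/%s", base, name);
    return (n < 0 || (size_t)n >= outlen) ? -1 : 0;
}
```

A script that feeds usernames from an input file to account tools can apply the same test before each call, so that a refused name never reaches the create or the recursive-delete step.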

Comment 1 Miloslav Trmač 2009-12-11 10:54:50 UTC
Fixed in rawhide and F-12 libuser-0.56.13.

Comment 2 Jiri Pallich 2012-06-20 13:19:40 UTC
Thank you for submitting this issue for consideration in Red Hat Enterprise Linux. The release for which you requested us to review is now End of Life.
Please see https://access.redhat.com/support/policy/updates/errata/

If you would like Red Hat to re-consider your feature request for an active release, please re-open the request via appropriate support channels and provide additional supporting details about the importance of this issue.

