Possible bug (users)
I am not sure if or how this could be exploited, but I believe I found a bug or security issue with Mandrake 9.2.
Something happened when I was modifying my users on my system to where one of the users somehow lost the username. The system only recognizes the UID. When I go into KDE, it says fatal server error, cannot determine name for UID (or something very similar to that). When I open a terminal it says "I Have No Name@localhost" for the prompt. The alarming part is that this user now has almost super-user-like access. The user can browse into any other user's folders, and the user can open admin tools without entering the password. Group permissions seem to still be applicable (the user cannot open folders with group permissions for specific groups).
Anyone know what happened here and what I should do? Can I report this without knowing exactly what I did to cause the issue?
"Anyone know what happened here and what I should do?"
Some table in the kernel security subsystem is messed up but I can only guess as to which one. Take a look at /etc/passwd and look for the entry which has that user's UID as the third field in the entry. The first field should be the user name and the second field (password) should be an asterisk. If either the user name and/or asterisk is missing then that is the problem.
To fix the problem I recommend that you back up /home/username and then delete the user using the userdel command (see man userdel). Then recreate the user with useradd. If you still have problems then try deleting the user and then creating a new user name.
"Can I report this without knowing exactly what I did to cause the issue?"
First you should search the Mandrake support site to see if the bug is already reported and if there is a fix for it. If not, you can report it. But unless you give the developer enough information that he can recreate the bug then he cannot fix the bug.
Be prepared. Create a LifeBoat CD.
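The /etc/passwd check described in the reply above can be scripted. This is an added example, not code from the thread: `check_passwd`, `write_sample` and the sample accounts are constructed for illustration, and it goes slightly beyond the reply by also flagging duplicate UIDs and a file that is not world-readable, both of which affect how a UID maps to a name.

```shell
#!/bin/sh
# Added example, not code from the thread: audit a passwd-format file for one UID.
# Prints one finding per line; returns 0 when nothing is wrong, 1 otherwise.
check_passwd() {
    file=$1; uid=$2; rc=0
    # If the file is not world-readable, ordinary users cannot resolve names.
    if [ -z "$(find "$file" -perm -004 2>/dev/null)" ]; then
        echo "$file is not world-readable"; rc=1
    fi
    awk -F: -v uid="$uid" '
        /^[ \t]*$/ { next }
        NF != 7 { printf "line %d: expected 7 fields, found %d\n", NR, NF; bad = 1 }
        $3 == uid {
            seen++
            if ($1 == "") { printf "line %d: UID %s has an empty user name\n", NR, uid; bad = 1 }
            if ($2 == "") { printf "line %d: UID %s has an empty password field\n", NR, uid; bad = 1 }
        }
        END {
            if (seen == 0) { printf "no entry for UID %s\n", uid; bad = 1 }
            if (seen > 1) { printf "UID %s appears in %d entries\n", uid, seen; bad = 1 }
            exit (bad ? 1 : 0)
        }
    ' "$file" || rc=1
    return $rc
}

# Constructed sample data (hypothetical accounts, not the poster's system).
write_sample() {
    cat > "$1" <<'EOF'
root:x:0:0:root:/root:/bin/bash
alice:x:501:501:Alice:/home/alice:/bin/bash
:x:502:502::/home/bob:/bin/bash
carol::503:503:Carol:/home/carol:/bin/bash
dave:x:504:504:Dave:/home/dave:/bin/bash
dan:x:504:504:Dan:/home/dan:/bin/bash
EOF
    chmod 644 "$1"
}

sample=$(mktemp)
write_sample "$sample"
for u in 501 502 503 504 505; do
    echo "== UID $u"
    check_passwd "$sample" "$u" || true
done
rm -f "$sample"
```

On a real system the call would be `check_passwd /etc/passwd <UID>`, using the numeric UID that appears in the error message.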
I actually tried removing and readding the user, twice actually, and the problem remains. I checked the /etc/passwd file and one that was /etc/passwd- and the line for that user looks perfect as far as formatting.
I am still trying to see if I can track this down, because this is kind of scary if anyone could figure out how to exploit this.