LinuxQuestions.org
View the Most Wanted LQ Wiki articles.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Distributions > Mandriva
User Name
Password
Mandriva This Forum is for the discussion of Mandriva (Mandrake) Linux.

Notices



Reply
 
Search this Thread
Old 02-25-2004, 04:02 AM   #1
Nic-MDKman
Member
 
Registered: Feb 2004
Location: Sacramento, CA, USA
Distribution: Mandrake 9.2
Posts: 159

Rep: Reputation: 30
Possible bug (users)


I am not sure if or how this could be exploited, but I believe I found a bug or security issue with Mandrake 9.2.

Something happened when I was modifying my users on my system to where one of the users somehow lost the username. The system only recognizes the UID. When I go into KDE, it says fatal server error, cannot determine name for UID (or something very similar to that). When I open a terminal it says "I Have No Name@localhost" for the prompt. The alarming part, is that this user now has almost super-user like access. The user can browse into any other user's folders, and the user can open admin tools without entering the password. Group permissions seem to still be applicable (the user cannot open folders with group permissions for specific groups).

Anyone know what happened here and what I should do? Can I report this without knowing exactly what I did to cause the issue?
 
Old 02-25-2004, 11:11 AM   #2
jailbait
Guru
 
Registered: Feb 2003
Location: Blue Ridge Mountain
Distribution: Debian Wheezy, Debian Jessie
Posts: 7,590

Rep: Reputation: 188Reputation: 188
"Anyone know what happened here and what I should do?"

Some table in the kernel security subsystem is messed up but I can only guess as to which one. Take a look at /etc/passwd and look for the entry which has that users UID as the third field in the entry. The first field should be the user name and the second field (password) should be an asterick. If either the user name and/or asterick is missing then that is the problem.

To fix the problem I recommend that you back up /home/username and then delete the user using the userdel command (see man userdel). Then recreate the user with useradd. If you still have problems then try deleting the user and then creating a new user name.

"Can I report this without knowing exactly what I did to cause the issue?"

First you should search the Mandrake support site to see if the bug is already reported and if there is a fix for it. If not, you can report it. But unless you give the developer enough information that he can recreate the bug then he cannot fix the bug.

___________________________________
Be prepared. Create a LifeBoat CD.
http://users.rcn.com/srstites/LifeBo...home.page.html

Steve Stites

Last edited by jailbait; 02-25-2004 at 11:13 AM.
 
Old 02-28-2004, 08:36 AM   #3
Nic-MDKman
Member
 
Registered: Feb 2004
Location: Sacramento, CA, USA
Distribution: Mandrake 9.2
Posts: 159

Original Poster
Rep: Reputation: 30
I actually tried removing and readding the user, twice actually, and the problem remains. I checked the /etc/passwd file and one that was /etc/passwd- and the line for that user looks perfect as far as formatting.

I am still trying to see if I can track this down, because this is kind of scary if anyone could figure out how to exploit this.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
how to authenticate external users but bypass prompt on local LAN users? taiwf Linux - Security 5 07-13-2005 10:01 AM
archive partition bug for some distro that some grub users have aus9 Linux - Newbie 0 01-06-2005 04:16 AM
redhat-config-users bug? majic Red Hat 5 10-12-2004 11:19 AM
Free86 bug or nVidia bug?? ProtoformX Linux - Software 2 05-12-2004 03:38 AM
Bug Report & Users-list Xterminator Conectiva 0 02-25-2004 09:59 AM


All times are GMT -5. The time now is 07:12 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration