Ubuntu
gnome-system-tools package

[regression] Wrong GID is proposed when creating a group using users-admin

Bug #486130 reported by iGadget on 2009-11-21

This bug report is a duplicate of: Bug #475974: [users-admin] Group Properties dialog sets GID to 0 on first launch. Edit Remove

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	gnome-system-tools (Ubuntu)	New	Undecided	Unassigned

Bug Description

Binary package hint: gnome-system-tools

On Karmic, when using the graphical tool (users-admin) to create a new group, the GID that's proposed is 0, instead of the first available GID (usually 1001 or higher). Therefore, all users who are tagged to be part of this group, actually become part of the 'root' group if the user doesn't change the GID manually.

This used to work correctly in previous Ubuntu versions.

Steps to reproduce:
1. Open System -> Administration -> Users and Groups
The 'Users Settings' screen appears.
2. Click on the 'keys'-button to allow changes and enter your password
3. Click on 'Manage Groups'
4. Click on 'Add Group'
The 'New group' screen appears.
5. Notice the predefined Group ID (GID) is set to '0'. As stated above, if the user doesn't change the GID manually (which was done automagically in previous Ubuntu versions), but does tag users to be Group Members, the new group isn't created as soon as the user clicks 'OK', but the tagged users ARE in fact added to group 0, which is root. Needless to say, this may have serious consequences for system security. I haven't tagged this bug as such yet, but perhaps it should be.

ProblemType: Bug
Architecture: i386
Date: Sat Nov 21 02:30:34 2009
DistroRelease: Ubuntu 9.10
InstallationMedia: Ubuntu 9.10 "Karmic Koala" - Release i386 (20091028.5)
NonfreeKernelModules: nvidia
Package: gnome-system-tools 2.28.1-0ubuntu2
ProcEnviron:
LANG=en_US.UTF-8
SHELL=/bin/bash
ProcVersionSignature: Ubuntu 2.6.31-14.48-generic
SourcePackage: gnome-system-tools
Uname: Linux 2.6.31-14-generic i686
XsessionErrors:
(gnome-settings-daemon:1802): GLib-CRITICAL **: g_propagate_error: assertion `src != NULL' failed
(gnome-settings-daemon:1802): GLib-CRITICAL **: g_propagate_error: assertion `src != NULL' failed
(polkit-gnome-authentication-agent-1:1922): GLib-CRITICAL **: g_once_init_leave: assertion `initialization_value != 0' failed
(nautilus:1902): Eel-CRITICAL **: eel_preferences_get_boolean: assertion `preferences_is_initialized ()' failed
(gnome-appearance-properties:2948): Gdk-CRITICAL **: gdk_display_sync: assertion `GDK_IS_DISPLAY (display)' failed

Tags:

Revision history for this message

iGadget (igadget) wrote on 2009-11-21:

Dependencies.txt Edit (4.2 KiB, text/plain; charset="utf-8")

Revision history for this message

Milan Bouchet-Valat (nalimilan) wrote on 2009-11-21:

Good catch! That's a very bad side-effect of bug 475974, which already has a fix committed upstream. Sadly we spotted it too late to include it in 2.28.1... I'm not sure about the security vulnerability tag, since you already need to have admin powers to do this. OTOH it's easy for an user to miss the fact that GID is 0. That's a least a reason to do an SRU.

The root bug here is that we have been checking that the GID of the root group can't be changed, but not that one can create a pseudo new group with GID 0. This should be fixed too, even if that does not lead to problems except in conjunction with the current bug.