libuuid: use /usr/sbin/nologin instead of /bin/sh for libuuid user

Bug #1319973 reported by Alec Warner on 2014-05-15
264
This bug affects 2 people
Affects Status Importance Assigned to Milestone
util-linux (Debian)
Fix Released
Unknown
util-linux (Ubuntu)
High
Marc Deslauriers
Trusty
High
Marc Deslauriers
Utopic
High
Unassigned

Bug Description

antarus@killbot:~$ getent passwd libuuid
libuuid:x:100:101::/var/lib/libuuid:

A missing shell specification means it takes the default shell (usually /bin/sh).

DISTRIB_CODENAME=trusty
DISTRIB_DESCRIPTION="Ubuntu Trusty Tahr (development branch)"
DISTRIB_ID=Ubuntu
DISTRIB_RELEASE=14.04

antarus@killbot:/tmp$ apt-cache policy libuuid1
libuuid1:
  Installed: 2.20.1-5.1ubuntu20
  Candidate: 2.20.1-5.1ubuntu20

It should have /usr/sbin/nologin as its shell.

-A

Changed in util-linux (Ubuntu Trusty):
status: New → Confirmed
Changed in util-linux (Ubuntu Utopic):
status: New → Confirmed
assignee: nobody → Marc Deslauriers (mdeslaur)
information type: Public → Public Security
Changed in util-linux (Debian):
status: Unknown → New
Changed in util-linux (Ubuntu Trusty):
milestone: none → trusty-updates
Changed in util-linux (Debian):
status: New → Fix Released
Mark Stosberg (markstos) wrote :

This remains a potential security issue with Ubuntu 14.04.

It appears that the util-linux (2.25-5) should set the login shell as "nologin". It seems here we need an update which finds the shells already set as /bin/sh and resets them to "nlogin"

Mark Stosberg (markstos) wrote :

That should nave been "nologin".

Martin Pitt (pitti) wrote :

The vivid package (uuid-runtime.postinst) does that, this got merged several months ago.

Changed in util-linux (Ubuntu):
status: Confirmed → Fix Released
Changed in util-linux (Ubuntu Utopic):
status: Confirmed → Won't Fix
tags: added: trusty
Changed in util-linux (Ubuntu Trusty):
importance: Undecided → High
Changed in util-linux (Ubuntu Utopic):
importance: Undecided → High
Changed in util-linux (Ubuntu):
importance: Undecided → High
Changed in util-linux (Ubuntu Trusty):
status: Confirmed → Triaged
Changed in util-linux (Ubuntu Utopic):
assignee: Marc Deslauriers (mdeslaur) → nobody
Changed in util-linux (Ubuntu Trusty):
assignee: nobody → Marc Deslauriers (mdeslaur)
summary: - libuuid needs a default shell (seems to not specify any?)
+ libuuid: use /usr/sbin/nologin instead of /bin/sh for libuuid user
Da Xue (da-t) wrote :

Any time estimates of when this will be addressed on14.04 LTS?

To post a comment you must log in.
This report contains Public Security information  Edit
Everyone can see this security related information.

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.