
Bug#1021745: passwd: /etc/passwd was edited with the wrong shell path


Najib B

Oct 13, 2022, 6:30:05 PM
Package: passwd
Version: 1:4.12.3+dfsg1-1
Severity: important
X-Debbugs-Cc: najib...@gmail.com

Dear Maintainer,

I have just noticed this issue on chsh that I would like to report to you,
including a solution that I would like to mention.

----------------------
# chsh
Changing the login shell for root
Enter the new value, or press ENTER for the default
Login Shell [/bin/zsh]: zsh
chsh: Warning: zsh does not exist

exit
$ sudo chsh
Password:
chsh: PAM: Authentication failure
-----------------------
The problem here is that chsh has accepted "zsh" without first checking whether
that path exists.

After exiting "root" it is not possible to log back in.
The solution is to edit /etc/passwd from this:
root:x:0:0:root:/root:zsh
to this:
root:x:0:0:root:/root:/bin/zsh

Best regards,


-- System Information:
Distributor ID: Kali
Description: Kali GNU/Linux Rolling
Release: 2022.3
Codename: kali-rolling
Architecture: x86_64

Kernel: Linux 5.18.0-kali7-amd64 (SMP w/3 CPU threads; PREEMPT)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages passwd depends on:
ii libaudit1 1:3.0.7-1.1
ii libc6 2.34-4
ii libcrypt1 1:4.4.28-2
ii libpam-modules 1.5.2-5
ii libpam0g 1.5.2-5
ii libselinux1 3.4-1+b2
ii libsemanage2 3.4-1+b2

Versions of packages passwd recommends:
ii sensible-utils 0.0.17

passwd suggests no packages.

-- no debconf information

Serge E. Hallyn

Oct 14, 2022, 9:30:04 AM
On Fri, Oct 14, 2022 at 12:18:26AM +0200, Najib B wrote:
> Package: passwd
> Version: 1:4.12.3+dfsg1-1
> Severity: important
> X-Debbugs-Cc: najib...@gmail.com
>
> Dear Maintainer,
>
> I have just noticed this issue on chsh that I would like to report to you,
> including a solution that I would like to mention.
>
> ----------------------
> # chsh
> Changing the login shell for root
> Enter the new value, or press ENTER for the default
> Login Shell [/bin/zsh]: zsh
> chsh: Warning: zsh does not exist
>
> exit
> $ sudo chsh
> Password:
> chsh: PAM: Authentication failure
> -----------------------
> The problem here is that chsh has accepted "zsh" without first checking whether
> that path exists.

Well no, it clearly checked, and warned you. You chose to
ignore the warning. If we refuse to set it, we'll get tons
of bug reports about that. We could add a fail-on-warning
option I suppose... But if you choose to ignore the warnings
I don't think you'd use that option.

Najib Bakari

Oct 14, 2022, 12:40:03 PM


---------- Forwarded message ---------
From: Serge E. Hallyn <se...@hallyn.com>
Date: Fri, 14 Oct 2022 at 17:56
Subject: Re: [Pkg-shadow-devel] Bug#1021745: passwd: /etc/passwd was edited with the wrong shell path
To: Najib Bakari <najib...@gmail.com>
Cc: Serge E. Hallyn <se...@hallyn.com>


On Fri, Oct 14, 2022 at 05:34:09PM +0200, Najib Bakari wrote:
> Dear Serge Hallyn,
> My point was only about the /etc/passwd being edited, even with the check
> and warning.
>
> > Well no, it clearly checked, and warned you.  You chose to
> > ignore the warning.
>
> When the warning pops up, it is already too late. Check this please:
>
> #chsh
> Changing the login shell for root
> Enter the new value, or press ENTER for the default
>         Login Shell [/bin/zsh]: zsh
> chsh: Warning: zsh does not exist
>
> # chsh
> Password:
> chsh: PAM: Authentication failure
>
> Best regards
>
> Najib

Right, you'd have to reset it after seeing the warning.

This isn't something that has recently changed, it's been like this
for 25 years.

I'm open to a patch that will accept a new /etc/login.defs variable to
affect this - it could, if set, simply refuse on unknown shell, or
ask "are sure".  However, github.com/shadow-maint/shadow would be the
place for this.  The debian package would simply make a change to
the debian/login.defs (if it wants) to set the default.  Feel free to
create an issue or, better, submit a PR there :)

thanks,
-serge


--
Kind regards

Najib El Bakari Zagour
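
An added example, not part of the thread or of the shadow project: a POSIX shell check that an administrator can run after chsh prints its warning and before closing the root session, to find passwd entries whose login shell cannot be executed (such as the relative "zsh" above). The function names `audit_login_shells` and `sample_passwd` are hypothetical, and the sample input is constructed; the optional second argument additionally requires the shell to be listed in a file such as /etc/shells.

```shell
#!/bin/sh
# Added example, not part of shadow. Reports passwd entries whose login shell
# cannot be executed, such as the relative "zsh" written in the report above.
# Usage: audit_login_shells [PASSWD_FILE] [SHELLS_FILE]
# Prints user:shell:reason per finding; returns 1 if anything was found.
audit_login_shells() {
    passwd_file=${1:-/etc/passwd}
    shells_file=${2:-}            # optional: also require a listing here
    found=0
    while IFS=: read -r user _pw _uid _gid _gecos _home shell; do
        case $user in ''|'#'*) continue ;; esac
        # passwd(5): an empty shell field means /bin/sh, so it is not a finding.
        [ -n "$shell" ] || continue
        reason=
        case $shell in
            /*) if [ ! -f "$shell" ] || [ ! -x "$shell" ]; then
                    reason="missing or not executable"
                elif [ -n "$shells_file" ] &&
                     ! grep -qxF -- "$shell" "$shells_file"; then
                    reason="not listed in $shells_file"
                fi ;;
            *)  reason="not an absolute path" ;;
        esac
        if [ -n "$reason" ]; then
            echo "$user:$shell:$reason"
            found=1
        fi
    done < "$passwd_file"
    return "$found"
}

# Constructed sample input (not from a real system); /bin/sh is assumed to exist.
sample_passwd() {
    cat <<'EOF'
root:x:0:0:root:/root:zsh
daemon:x:1:1:daemon:/usr/sbin:
alice:x:1000:1000:Alice:/home/alice:/nonexistent/constructed-shell
bob:x:1001:1001:Bob:/home/bob:/bin/sh
EOF
}

sample=$(mktemp)
sample_passwd > "$sample"
audit_login_shells "$sample" || echo "fix the entries above before logging out" >&2
rm -f "$sample"
```

Run with no arguments it reads /etc/passwd; a non-zero exit status means at least one account would fail to start its shell at the next login.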

