Nasty 4.1c bug

phil at sequel.UUCP phil at sequel.UUCP
Tue Jun 21 03:14:02 AEST 1983 

Be very careful with the shell script "vipw" under 4.1c.  It  can
and  will wipe out your passwd file.  A problem occurs if someone
runs the passwd command while you  are  running  vipw.  The  next
time  you  run vipw, you zero out the passwd file.  Yes, you hear
me right.

The problem is in how vipw and passwd(1) lock  the  passwd  file.
If  you glance at vipw, you will notice it creates /etc/vipw.lock
by copying /dev/null to it.  It trys to link  to  this  file  and
create  /etc/ptmp  since this is the file used to lock the passwd
file.  If this link fails then someone is changing  their  passwd
and the passwd file is busy.  This is cool.

The problem is when this succeeds and you are  busy  editing  the
passwd  file  and  someone  decides  to change their passwd.  The
passwd command in 4.1c just does a fancy open with the options to
set  an  advisary lock.  This does not take into account the file
may already exist!  It then  copys  the  passwd  file  into  this
supposed  safe  tmp  file  and  renames  this file as /etc/passwd
(remember you still have a link to it called vipw.lock).

You probably smell a  rat  by  now.  Your  only  indication  that
something is amiss is that vipw complains about not being able to
remove /etc/ptmp.  Humm.  The next time you run vipw it  promptly
copys  /dev/null  to vipw.lock which just happens to be linked to
/etc/passwd.  Goodbye passwd file.  This happend  to  us.  Really
nasty problem.  As a side issue, we crashed 10 seconds later.

The 4.1 passwd command uses the access() call  to  determine  the
passwd  file  is  busy  (/etc/ptmp  exists)  and exits printing a
message about the passwd file being busy.  I am not sure why  the
locking  stuff  was changed since access() still exists.  I think
we are going to change  vipw  to  a  C  program  that  obeys  the
convention  of  advisary  locks  (the other fix is to use the old
passwd command or use the access() call).

	Phil Hochstetler 		(503) 626-5700
	Sequel Computer Systems, Inc.
	Portland, Oregon
	
uucp:	ogcvax!sequel!phil 
	pur-ee!sequel!phil

More information about the Comp.bugs.4bsd.ucb-fixes mailing list