From 97547bc00ae47970bfc9a99209083fff0f3d7931 Mon Sep 17 00:00:00 2001 From: Iker Pedrosa Date: Mon, 1 Aug 2022 11:13:56 +0200 Subject: [PATCH] useradd: modify check ID range for system users Resolves: #2093692 Signed-off-by: Iker Pedrosa --- ...dify-check-ID-range-for-system-users.patch | 40 +++++++++++++++++++ shadow-utils.spec | 8 +++- 2 files changed, 47 insertions(+), 1 deletion(-) create mode 100644 shadow-4.11.1-useradd-modify-check-ID-range-for-system-users.patch diff --git a/shadow-4.11.1-useradd-modify-check-ID-range-for-system-users.patch b/shadow-4.11.1-useradd-modify-check-ID-range-for-system-users.patch new file mode 100644 index 0000000..dead628 --- /dev/null +++ b/shadow-4.11.1-useradd-modify-check-ID-range-for-system-users.patch @@ -0,0 +1,40 @@ +From f1f1678e13aa3ae49bdb139efaa2c5bc53dcfe92 Mon Sep 17 00:00:00 2001 +From: Iker Pedrosa +Date: Tue, 4 Jan 2022 13:06:00 +0100 +Subject: [PATCH] useradd: modify check ID range for system users + +useradd warns that a system user ID less than SYS_UID_MIN is outside the +expected range, even though that ID has been specifically selected with +the "-u" option. + +In my opinion all the user ID's below SYS_UID_MAX are for the system, +thus I change the condition to take that into account. + +Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=2004911 + +Signed-off-by: Iker Pedrosa +--- + src/useradd.c | 6 ++---- + 1 file changed, 2 insertions(+), 4 deletions(-) + +diff --git a/src/useradd.c b/src/useradd.c +index 34376fa5..4c71c38a 100644 +--- a/src/useradd.c ++++ b/src/useradd.c +@@ -2409,11 +2409,9 @@ static void check_uid_range(int rflg, uid_t user_id) + uid_t uid_min ; + uid_t uid_max ; + if (rflg) { +- uid_min = (uid_t)getdef_ulong("SYS_UID_MIN",101UL); + uid_max = (uid_t)getdef_ulong("SYS_UID_MAX",getdef_ulong("UID_MIN",1000UL)-1); +- if (uid_min <= uid_max) { +- if (user_id < uid_min || user_id >uid_max) +- fprintf(stderr, _("%s warning: %s's uid %d outside of the SYS_UID_MIN %d and SYS_UID_MAX %d range.\n"), Prog, user_name, user_id, uid_min, uid_max); ++ if (user_id > uid_max) { ++ fprintf(stderr, _("%s warning: %s's uid %d is greater than SYS_UID_MAX %d\n"), Prog, user_name, user_id, uid_max); + } + }else{ + uid_min = (uid_t)getdef_ulong("UID_MIN", 1000UL); +-- +2.37.1 + diff --git a/shadow-utils.spec b/shadow-utils.spec index 98efee1..660f777 100644 --- a/shadow-utils.spec +++ b/shadow-utils.spec @@ -1,7 +1,7 @@ Summary: Utilities for managing accounts and shadow password files Name: shadow-utils Version: 4.11.1 -Release: 3%{?dist} +Release: 4%{?dist} Epoch: 2 License: BSD and GPLv2+ URL: https://github.com/shadow-maint/shadow @@ -45,6 +45,8 @@ Patch12: shadow-4.6-sysugid-min-limit.patch Patch13: shadow-4.8-ignore-login-prompt.patch # https://github.com/shadow-maint/shadow/commit/e101219ad71de11da3fdd1b3ec2620fd1a97b92c Patch14: shadow-4.9-nss-get-shadow-logfd-with-log-get-logfd.patch +# https://github.com/shadow-maint/shadow/commit/f1f1678e13aa3ae49bdb139efaa2c5bc53dcfe92 +Patch15: shadow-4.11.1-useradd-modify-check-ID-range-for-system-users.patch ### Dependencies ### Requires: audit-libs >= 1.6.5 @@ -119,6 +121,7 @@ Development files for shadow-utils-subid. %patch12 -p1 -b .sysugid-min-limit %patch13 -p1 -b .login-prompt %patch14 -p1 -b .nss-get-shadow-logfd-with-log-get-logfd +%patch15 -p1 -b .useradd-modify-check-ID-range-for-system-users iconv -f ISO88591 -t utf-8 doc/HOWTO > doc/HOWTO.utf8 cp -f doc/HOWTO.utf8 doc/HOWTO @@ -292,6 +295,9 @@ rm -f $RPM_BUILD_ROOT/%{_libdir}/libsubid.a %{_libdir}/libsubid.so %changelog +* Mon Aug 1 2022 Iker Pedrosa - 2:4.11.1-4 +- useradd: modify check ID range for system users. Resolves: #2093692 + * Sat Jul 23 2022 Fedora Release Engineering - 2:4.11.1-3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild