
system/1561: cap_mkdb is badly broken




>Number:         1561
>Category:       system
>Synopsis:       cap_mkdb is badly broken
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    bugs
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Wed Dec 13 07:50:02 MST 2000
>Last-Modified:
>Originator:     Rémi Guyomarch
>Organization:
net
>Release:        2.8
>Environment:
	
	System      : OpenBSD 2.8
	Architecture: OpenBSD.i386
	Machine     : i386
>Description:
	Most of the time, cap_mkdb silently produces empty databases from
valid input files. Sometimes this can render the system totally unusable.
>How-To-Repeat:
	(the 'cap_mkdb' binary used here was extracted straight from base28.tgz)
	(the 'login.conf' text file was extracted from etc28.tgz)


	First, out of a perfectly valid file, cap_mkdb with its simplest syntax
	produces an empty database. Note that copying the login.conf.db in
	/etc will block any login attempt, even at the console.

	root@satanas ~/src/x # l
	total 3
	1 drwxr-xr-x  2 root  wheel   512 Dec 13 14:00 ./
	1 drwxr-xr-x  6 root  wheel  1024 Dec 13 12:05 ../
	1 -rw-r--r--  1 root  wheel   989 Nov  6 17:56 login.conf
	root@satanas ~/src/x # cap_mkdb login.conf
	root@satanas ~/src/x # l
	total 19
	 1 drwxr-xr-x  2 root  wheel    512 Dec 13 14:20 ./
	 1 drwxr-xr-x  6 root  wheel   1024 Dec 13 12:05 ../
	 1 -rw-r--r--  1 root  wheel    989 Nov  6 17:56 login.conf
	16 -rw-r--r--  1 root  wheel  73728 Dec 13 14:19 login.conf.db
	root@satanas ~/src/x # file login.conf.db
	login.conf.db: Berkeley DB Hash file (Version 2, Little Endian, Bucket Size 4096,
	Bucket Shift 12, Directory Size 256, Segment Size 256, Segment Shift 8, Overflow
	Point 4, Last Freed 2, Max Bucket 15, High Mask 0x1f, Low Mask 0xf, Fill Factor
	16, Number of Keys 0)
	    ^^^^^^^^^^^^^^^^


	Now, let's try with the '-f' option, redirecting the output to an
	alternate file. This time it works :
  
	root@satanas ~/src/x # rm login.conf.db
	remove login.conf.db? y
	root@satanas ~/src/x # cap_mkdb -v -f foo login.conf
	cap_mkdb: 3 capability records
	root@satanas ~/src/x # l
	total 35
	 1 drwxr-xr-x  2 root  wheel    512 Dec 13 14:26 ./
	 1 drwxr-xr-x  6 root  wheel   1024 Dec 13 12:05 ../
	32 -rw-r--r--  1 root  wheel  73728 Dec 13 14:26 foo.db
	 1 -rw-r--r--  1 root  wheel    989 Nov  6 17:56 login.conf
	root@satanas ~/src/x # file foo.db
	foo.db: Berkeley DB Hash file (Version 2, Little Endian, Bucket Size 4096, Bucket
	Shift 12, Directory Size 256, Segment Size 256, Segment Shift 8, Overflow Point
	4, Last Freed 2, Max Bucket 15, High Mask 0x1f, Low Mask 0xf, Fill Factor 16,
	Number of Keys 3)
	^^^^^^^^^^^^^^^^^


	For even more fun, let's try another thing. If there's an existing
	.db database with the same base name, 'cap_mkdb' will fail with and
	without the '-f' option :
	(this means you can't update an existing .db file)
	
	root@satanas ~/src/x # rm foo.db
	remove foo.db? y
	root@satanas ~/src/x # cap_mkdb -v login.conf
	cap_mkdb: 0 capability records
	root@satanas ~/src/x # l
	total 19
	 1 drwxr-xr-x  2 root  wheel    512 Dec 13 14:28 ./
	 1 drwxr-xr-x  6 root  wheel   1024 Dec 13 12:05 ../
	 1 -rw-r--r--  1 root  wheel    989 Nov  6 17:56 login.conf
	16 -rw-r--r--  1 root  wheel  73728 Dec 13 14:28 login.conf.db
	root@satanas ~/src/x # cap_mkdb -v -f foo login.conf
	cap_mkdb: 0 capability records
	root@satanas ~/src/x # l
	total 35
	 1 drwxr-xr-x  2 root  wheel    512 Dec 13 14:28 ./
	 1 drwxr-xr-x  6 root  wheel   1024 Dec 13 12:05 ../
	16 -rw-r--r--  1 root  wheel  73728 Dec 13 14:28 foo.db
	 1 -rw-r--r--  1 root  wheel    989 Nov  6 17:56 login.conf
	16 -rw-r--r--  1 root  wheel  73728 Dec 13 14:28 login.conf.db
	root@satanas ~/src/x # file login.conf.db foo.db
	login.conf.db: Berkeley DB Hash file (Version 2, Little Endian, Bucket Size
	4096, Bucket Shift 12, Directory Size 256, Segment Size 256, Segment Shift 8,
	Overflow Point 4, Last Freed 2, Max Bucket 15, High Mask 0x1f, Low Mask 0xf,
	Fill Factor 16, Number of Keys 0)
	                ^^^^^^^^^^^^^^^^
	
	foo.db:        Berkeley DB Hash file (Version 2, Little Endian, Bucket Size
	4096, Bucket Shift 12, Directory Size 256, Segment Size 256, Segment Shift 8,
	Overflow Point 4, Last Freed 2, Max Bucket 15, High Mask 0x1f, Low Mask 0xf,
	Fill Factor 16, Number of Keys 0)
	                ^^^^^^^^^^^^^^^^^
	

>Fix:
	Rewrite cap_mkdb

>Audit-Trail:
>Unformatted:
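
Added example, not part of the original report or of OpenBSD: a guard that builds the database in an empty scratch directory and installs it only if file(1) reports a non-zero "Number of Keys", so an empty login.conf.db never reaches /etc. The function names are hypothetical, and the check assumes file(1) prints the key count as in the transcript above.

```shell
#!/bin/sh
# Added example (not from the report): refuse to install a capability
# database that file(1) describes as empty.

# Print N from "Number of Keys N" in file(1) output read on stdin.
# Line wrapping (as in the mailed transcript) is flattened first.
db_key_count() {
    tr '\n\t' '  ' |
        sed -n 's/.*Number  *of  *Keys  *\([0-9][0-9]*\).*/\1/p'
}

# Succeed only if the description in $1 reports at least $2 keys (default 1).
# A description with no key count at all is treated as a failure.
db_is_populated() {
    n=$(printf '%s\n' "$1" | db_key_count)
    [ -n "$n" ] && [ "$n" -ge "${2:-1}" ]
}

# Hypothetical wrapper: build with -f in an empty scratch directory next to
# the source (so no existing .db is in the way and the final mv is a rename),
# verify the result, then replace the live database.
rebuild_login_db() {
    src=${1:-/etc/login.conf}
    tmp=$(mktemp -d "$(dirname "$src")/capdb.XXXXXX") || return 1
    if cap_mkdb -f "$tmp/login.conf" "$src" &&
        db_is_populated "$(file "$tmp/login.conf.db")"; then
        mv "$tmp/login.conf.db" "$src.db"
        rc=$?
    else
        echo "refusing to install empty or unreadable $src.db" >&2
        rc=1
    fi
    rm -rf "$tmp"
    return $rc
}

# Constructed samples, abridged from the file(1) output quoted in the report.
SAMPLE_EMPTY='login.conf.db: Berkeley DB Hash file (Version 2, Little Endian,
    Fill Factor 16, Number of Keys 0)'
SAMPLE_GOOD='foo.db: Berkeley DB Hash file (Version 2, Little Endian, Fill Factor 16,
    Number of Keys 3)'

for s in "$SAMPLE_EMPTY" "$SAMPLE_GOOD"; do
    if db_is_populated "$s"; then echo "install"; else echo "reject"; fi
done
```

Passing a minimum as the second argument to db_is_populated (for example the number of records expected from login.conf) also catches a partially built database.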