LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Sponsored link

Vyatta – Linux & Open Source Alternative to Cisco – Advanced Routing, Firewall, VPN, QoS..
Free Download ->

Recent Features

LWN.net Weekly Edition for November 20, 2008

MinGW and why Linux users should care

LWN.net Weekly Edition for November 13, 2008

NLUUG/ELCE: Embedded devices and free software

The sad story of the em28xx driver

Printable page
Weekly edition Kernel Security Distributions Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ

shadow-utils: useradd tool creates mail spools with incorrect permissions

Package(s):shadow-utils CVE #(s):CAN-2002-1509
Created:February 20, 2003 Updated:February 27, 2003
Description: The shadow-utils package includes programs for converting UNIX password files to the shadow password format, plus programs for managing user and group accounts. One of these programs is useradd, which is used to create or update new user information.

When creating a user account, the version of useradd included in Red Hat Linux 7.2, 7.3, and 8.0 creates a mailbox file with incorrectly-set group ownership. Instead of setting the file's group ownership to the 'mail' group, it is set to the user's primary group.

On systems where other users share the same primary group, this would allow those users to be able to read and write other user mailboxes.

Alerts:
Mandrake MDKSA-2003:026 2003-02-26
Red Hat RHSA-2003:057-06 2003-02-18
(Log in to post comments)

Copyright © 2008, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds