From 4065aca350e1ce49d013b5bc50408c1fd7313ac0 Mon Sep 17 00:00:00 2001 From: panxiaohe Date: Fri, 18 Feb 2022 16:42:08 +0800 Subject: [PATCH] useradd: modify check ID range for system users --- ...dify-check-ID-range-for-system-users.patch | 42 +++++++++++++++++++ shadow.spec | 6 ++- 2 files changed, 47 insertions(+), 1 deletion(-) create mode 100644 backport-useradd-modify-check-ID-range-for-system-users.patch diff --git a/backport-useradd-modify-check-ID-range-for-system-users.patch b/backport-useradd-modify-check-ID-range-for-system-users.patch new file mode 100644 index 0000000..c6aac9f --- /dev/null +++ b/backport-useradd-modify-check-ID-range-for-system-users.patch @@ -0,0 +1,42 @@ +From f1f1678e13aa3ae49bdb139efaa2c5bc53dcfe92 Mon Sep 17 00:00:00 2001 +From: Iker Pedrosa +Date: Tue, 4 Jan 2022 13:06:00 +0100 +Subject: [PATCH] useradd: modify check ID range for system users + +useradd warns that a system user ID less than SYS_UID_MIN is outside the +expected range, even though that ID has been specifically selected with +the "-u" option. + +In my opinion all the user ID's below SYS_UID_MAX are for the system, +thus I change the condition to take that into account. + +Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=2004911 + +Signed-off-by: Iker Pedrosa + +Conflict: context adaptation +--- + src/useradd.c | 6 ++---- + 1 file changed, 2 insertions(+), 4 deletions(-) + +diff --git a/src/useradd.c b/src/useradd.c +index 34376fa..4c71c38 100644 +--- a/src/useradd.c ++++ b/src/useradd.c +@@ -2409,11 +2409,9 @@ static void check_uid_range(int rflg, uid_t user_id) + uid_t uid_min ; + uid_t uid_max ; + if(rflg){ +- uid_min = (uid_t)getdef_ulong("SYS_UID_MIN",101UL); + uid_max = (uid_t)getdef_ulong("SYS_UID_MAX",getdef_ulong("UID_MIN",1000UL)-1); +- if(uid_min <= uid_max){ +- if(user_id < uid_min || user_id >uid_max) +- fprintf(stderr, _("%s warning: %s's uid %d outside of the SYS_UID_MIN %d and SYS_UID_MAX %d range.\n"), Prog, user_name, user_id, uid_min, uid_max); ++ if (user_id > uid_max) { ++ fprintf(stderr, _("%s warning: %s's uid %d is greater than SYS_UID_MAX %d\n"), Prog, user_name, user_id, uid_max); + } + }else{ + uid_min = (uid_t)getdef_ulong("UID_MIN", 1000UL); +-- +1.8.3.1 + diff --git a/shadow.spec b/shadow.spec index 771f741..b252dd2 100644 --- a/shadow.spec +++ b/shadow.spec @@ -1,6 +1,6 @@ Name: shadow Version: 4.9 -Release: 3 +Release: 4 Epoch: 2 License: BSD and GPLv2+ Summary: Tools for managing accounts and shadow password files @@ -38,6 +38,7 @@ Patch18: pwck-fix-segfault-when-calling-fprintf.patch Patch19: newgrp-fix-segmentation-fault.patch Patch20: groupdel-fix-SIGSEGV-when-passwd-does-not-exist.patch Patch21: shadow-add-sm3-crypt-support.patch +Patch22: backport-useradd-modify-check-ID-range-for-system-users.patch BuildRequires: gcc, libselinux-devel, audit-libs-devel, libsemanage-devel BuildRequires: libacl-devel, libattr-devel @@ -204,6 +205,9 @@ rm -f $RPM_BUILD_ROOT/%{_libdir}/libsubid.la %{_mandir}/*/* %changelog +* Fri Feb 18 2022 panxiaohe - 2:4.9-4 +- useradd: modify check ID range for system users + * Mon Feb 7 2022 panxiaohe - 2:4.9-3 - synchronized login.defs with upstream file