From nobody  Fri Feb 14 20:54:23 1997
Received: (from nobody@localhost)
          by freefall.freebsd.org (8.8.5/8.8.5) id UAA29148;
          Fri, 14 Feb 1997 20:54:23 -0800 (PST)
Message-Id: <199702150454.UAA29148@freefall.freebsd.org>
Date: Fri, 14 Feb 1997 20:54:23 -0800 (PST)
From: pgiffuni@fps.biblos.unal.edu.co
To: freebsd-gnats-submit@freebsd.org
Subject: root-fs full erases password table !
X-Send-Pr-Version: www-1.0

>Number:         2740
>Category:       bin
>Synopsis:       root-fs full erases password table !
>Confidential:   no
>Severity:       critical
>Priority:       high
>Responsible:    wpaul
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Fri Feb 14 21:00:02 PST 1997
>Closed-Date:    Sun Mar 22 09:29:05 PST 1998
>Last-Modified:  Sun Mar 22 09:29:58 PST 1998
>Originator:     Pedro Giffuni S.
>Release:        2.1.5 Release
>Organization:
Universidad Nacional de Colombia
>Environment:
(Just can't do this anymore)An unmodified 2.1.5 Release.
>Description:
After I tried to change my password (as a non-privileged user) the
system replied the file system was full and the table was not updated. I
tried to su to root, and I wasn't recognized as a user. The password 
table was destroyed and no one can log-in.
>How-To-Repeat:
It's actually the second time it happens. It might be a security breach.
>Fix:
Verify there is space, or (and?) write a copy of the password files before
updating the password table.... ???
>Release-Note:
>Audit-Trail:
Responsible-Changed-From-To: freebsd-bugs->wpaul 
Responsible-Changed-By: mpp 
Responsible-Changed-When: Fri Feb 21 11:42:28 PST 1997 
Responsible-Changed-Why:  
Bill seems to have done a lot of work in this area. 

From: Mike Pritchard <mpp>
To: freebsd-gnats-submit
Cc:  Subject: Re: bin/2740
Date: Fri, 21 Feb 1997 11:44:39 -0800 (PST)

 Feedback from the originator:
 
 pgiffuni@fps.biblos.unal.edu.co wrote:
 > From pgiffuni@fps.biblos.unal.edu.co Fri Feb 21 11:34:55 1997
 > From: pgiffuni@fps.biblos.unal.edu.co
 > Date: Fri, 21 Feb 1997 14:39:43 -0500 (EST)
 > To: Mike Pritchard <mpp@freefall.freebsd.org>
 > Subject: Re: FreeBSD PR# 2740
 > In-Reply-To: <199702190704.XAA08316@freefall.freebsd.org>
 > Message-Id: <Pine.A41.3.95.970221143438.19472A-100000@fps.biblos.unal.edu.co>
 > Mime-Version: 1.0
 > Content-Type: TEXT/PLAIN; charset=US-ASCII
 > 
 > 
 > 
 > On Tue, 18 Feb 1997, Mike Pritchard wrote:
 > 
 > > Can you tell exactly which files get destroyed?  E.g.
 > > when this happens, do a ls -l of /etc/{passwd,master.passwd,pwd.db,spwd.db}
 > > and see if they all exist and are not zero length.
 > >
 > passwd, master.passwd, pwd.db and spwd.db all have zero length !
 > 
 > df reports negative available space on / .
 >  
 > > Have you tried later versions, such as FreeBSD 2.2 BETA or GAMMA
 > > or FreeBSD 3.0-current?
 > > 
 > Some one reported master.passwd being erased from current without known
 > reason.
 > 
 > Hope that helps.
 > 
 > Pedro.
 > 
 > 
 > > -Mike
 > > 
 > > >Number:         2740
 > > >Category:       bin
 > > >Synopsis:       root-fs full erases password table !
 > > >Confidential:   no
 > > >Severity:       critical
 > > >Priority:       high
 > > >Responsible:    freebsd-bugs
 > > >State:          open
 > > >Class:          sw-bug
 > > >Submitter-Id:   current-users
 > > >Arrival-Date:   Fri Feb 14 21:00:02 PST 1997
 > > >Last-Modified:  
 > > >Originator:     Pedro Giffuni S.
 > > >Organization:
 > > Universidad Nacional de Colombia
 > > >Release:        2.1.5 Release
 > > >Environment:
 > > (Just can't do this anymore)An unmodified 2.1.5 Release.
 > > >Description:
 > > After I tried to change my password (as a non-privileged user) the
 > > system replied the file system was full and the table was not updated. I
 > > tried to su to root, and I wasn't recognized as a user. The password 
 > > table was destroyed and no one can log-in.
 > > >How-To-Repeat:
 > > It's actually the second time it happens. It might be a security breach.
 > > >Fix:
 > > Verify there is space, or (and?) write a copy of the password files before
 > > updating the password table.... ???
 > > >Audit-Trail:
 > > >Unformatted:
 > > 
 > > -- 
 > > Mike Pritchard
 > > mpp@FreeBSD.org
 > > "Go that way.  Really fast.  If something gets in your way, turn"
 > > 
 > 
 > 
 
 
 -- 
 Mike Pritchard
 mpp@FreeBSD.org
 "Go that way.  Really fast.  If something gets in your way, turn"

From: Mike Pritchard <mpp>
To: freebsd-gnats-submit
Cc:  Subject: Re: bin/2740 root-fs full erases password files
Date: Tue, 25 Mar 1997 18:59:29 -0800 (PST)

 Here is some feedback on this problem:
 
 pgiffuni@fps.biblos.unal.edu.co wrote:
 > From pgiffuni@fps.biblos.unal.edu.co Fri Feb 21 11:34:55 1997
 > From: pgiffuni@fps.biblos.unal.edu.co
 > Date: Fri, 21 Feb 1997 14:39:43 -0500 (EST)
 > To: Mike Pritchard <mpp@freefall.freebsd.org>
 > Subject: Re: FreeBSD PR# 2740
 > In-Reply-To: <199702190704.XAA08316@freefall.freebsd.org>
 > Message-Id: <Pine.A41.3.95.970221143438.19472A-100000@fps.biblos.unal.edu.co>
 > Mime-Version: 1.0
 > Content-Type: TEXT/PLAIN; charset=US-ASCII
 > 
 > 
 > On Tue, 18 Feb 1997, Mike Pritchard wrote:
 > 
 > > Can you tell exactly which files get destroyed?  E.g.
 > > when this happens, do a ls -l of /etc/{passwd,master.passwd,pwd.db,spwd.db}
 > > and see if they all exist and are not zero length.
 > >
 > passwd, master.passwd, pwd.db and spwd.db all have zero length !
 > 
 > df reports negative available space on / .
 >  
 > > Have you tried later versions, such as FreeBSD 2.2 BETA or GAMMA
 > > or FreeBSD 3.0-current?
 > > 
 > Some one reported master.passwd being erased from current without known
 > reason.
 > 
 > Hope that helps.
 > 
 > Pedro.

From: Studded <Studded@dal.net>
To: freebsd-gnats-submit@freebsd.org, pgiffuni@fps.biblos.unal.edu.co
Cc:  Subject: Re: bin/2740: root-fs full erases password table !
Date: Sun, 22 Mar 1998 02:54:00 -0800

 Mail to originator fails with "user unknown."
 
 Doug
 -- 
 ***         Chief Operations Officer, DALnet IRC network       ***
 *** Proud operator, designer and maintainer of the world's largest
 *** Internet Relay Chat server.  5,328 clients and still growing.
 *** Try spider.dal.net on ports 6662-4    (Powered by FreeBSD)
State-Changed-From-To: open->closed 
State-Changed-By: steve 
State-Changed-When: Sun Mar 22 09:29:05 PST 1998 
State-Changed-Why:  
Mail ping to orginator failed.  If you are still out there 
and this problem still exists I will re-open this PR. 
>Unformatted:
