From nobody@www.freebsd.org  Tue May 28 19:33:16 2002
Return-Path: <nobody@www.freebsd.org>
Received: from nwww.freebsd.org (www.FreeBSD.org [216.136.204.117])
	by hub.freebsd.org (Postfix) with ESMTP id 840C537B404
	for <freebsd-gnats-submit@FreeBSD.org>; Tue, 28 May 2002 19:33:15 -0700 (PDT)
Received: from www.freebsd.org (localhost [127.0.0.1])
	by nwww.freebsd.org (8.12.2/8.12.2) with ESMTP id g4T2XEhG052122
	for <freebsd-gnats-submit@FreeBSD.org>; Tue, 28 May 2002 19:33:14 -0700 (PDT)
	(envelope-from nobody@www.freebsd.org)
Received: (from nobody@localhost)
	by www.freebsd.org (8.12.2/8.12.2/Submit) id g4T2XEr3052121;
	Tue, 28 May 2002 19:33:14 -0700 (PDT)
Message-Id: <200205290233.g4T2XEr3052121@www.freebsd.org>
Date: Tue, 28 May 2002 19:33:14 -0700 (PDT)
From: Takumi ISHII <takishii@xephion.ne.jp>
To: freebsd-gnats-submit@FreeBSD.org
Subject: change request for pw command
X-Send-Pr-Version: www-1.0

>Number:         38676
>Category:       bin
>Synopsis:       change request for pw command
>Confidential:   no
>Severity:       critical
>Priority:       high
>Responsible:    freebsd-bugs
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          change-request
>Submitter-Id:   current-users
>Arrival-Date:   Tue May 28 19:40:08 PDT 2002
>Closed-Date:    Tue Mar 09 19:55:48 PST 2004
>Last-Modified:  Tue Mar 09 19:55:48 PST 2004
>Originator:     Takumi ISHII
>Release:        4.6-RC2 i386
>Organization:
>Environment:
FreeBSD camaro.nw.xephion.ne.jp 4.6-RC2 FreeBSD 4.6-RC2 #0: Wed May 29 18:47:22 JST 2002     root@:/usr/src/sys/compile/kernel  i386
>Description:
Dec 12 2000, Mr.akimoto sent "Problem Report bin/23501".
That problem is solved.
But 4.6-RC2 doesn't contain that patch yet.
So pw command destroy /etc/master.passwd when pw executing 
at the same time ,on 4.6-RC2.
please add that patch to 4.6-RELEASE.
>How-To-Repeat:

>Fix:
Please see the Problem Report bin/23501

>Release-Note:
>Audit-Trail:

From: Paul Herman <pherman@frenchfries.net>
To: FreeBSD-gnats-submit@FreeBSD.ORG
Cc: Takumi ISHII <takishii@xephion.ne.jp>,
	"Geoffrey C. Speicher" <geoff@sea-incorporated.com>,
	"Matthew D. Fuller" <fullermd@over-yonder.net>
Subject: Re: bin/38676 change request for pw command
Date: Mon, 24 Jun 2002 22:52:50 -0700 (PDT)

 Here is an better version of the patch in bin/23501.  In addition
 to the advisory lock, link counts are checked to avoid any
 unlink/rename issues.  This has been tested by myself and seems to
 also fix the problem.
 
 The topic of HOW to best fix this bug has recently been hashed out
 a bit on -hackers and -stable.  Matthew Fuller proposed an
 alternate fix by using a giant lock in /var/run/, so the jury is
 still out on the best way to solve the problem.
 
 I'll let Matthew speak for himself, but I feel that the either the
 patch in bin/23501 or the following improved patch is the best way
 to solve the problem.  Opinions in the audit-trail are surely to
 follow.  :-)
 
 -Paul.
 
 Index: edgroup.c
 ===================================================================
 RCS file: /u02/ncvs/src/usr.sbin/pw/edgroup.c,v
 retrieving revision 1.8
 diff -u -r1.8 edgroup.c
 --- edgroup.c	28 Aug 1999 01:19:16 -0000	1.8
 +++ edgroup.c	25 Jun 2002 05:27:49 -0000
 @@ -68,7 +68,26 @@
  	strcpy(grouptmp, groupfile);
  	strcat(grouptmp, ".new");
 
 -	if ((infd = open(groupfile, O_RDWR | O_CREAT, 0644)) != -1) {
 +	/*
 +	 * Open and lock the original group file.  We check the link count
 +	 * in order to avoid any link/unlink/remove race.
 +	 */
 +	for (;;) {
 +		struct stat st;
 +
 +		infd = open(groupfile, O_RDWR | O_CREAT | O_EXLOCK, 0644);
 +		if (infd == -1)
 +			break;
 +		if (fstat(infd, &st) < 0) {
 +			close(infd);
 +			return -1;
 +		}
 +		if (st.st_nlink == 1)
 +			break;
 +		close(infd);
 +	}
 +
 +	if (infd != -1) {
  		FILE           *infp;
 
  		if ((infp = fdopen(infd, "r+")) == NULL)
 Index: fileupd.c
 ===================================================================
 RCS file: /u02/ncvs/src/usr.sbin/pw/fileupd.c,v
 retrieving revision 1.9
 diff -u -r1.9 fileupd.c
 --- fileupd.c	26 Oct 1999 04:27:13 -0000	1.9
 +++ fileupd.c	25 Jun 2002 04:15:08 -0000
 @@ -76,8 +76,25 @@
  	if (pfxlen <= 1)
  		rc = EINVAL;
  	else {
 -		int    infd = open(filename, O_RDWR | O_CREAT, fmode);
 -
 +		/*
 +		 * Open and lock the original file.  We check the link count
 +		 * in order to avoid any link/unlink/rename race.
 +		 */
 +		int infd;
 +		for (;;) {
 +			struct stat st;
 +			infd = open(filename, O_RDWR | O_CREAT | O_EXLOCK, fmode);
 +			if (infd == -1)
 +				break;
 +			if (fstat(infd, &st) < 0) {
 +				rc = errno;
 +				close(infd);
 +				return rc;
 +			}
 +			if (st.st_nlink == 1)
 +				break;
 +			close(infd);
 +		}
  		if (infd == -1)
  			rc = errno;
  		else {
 

From: "Matthew D. Fuller" <fullermd@over-yonder.net>
To: Paul Herman <pherman@frenchfries.net>
Cc: FreeBSD-gnats-submit@FreeBSD.ORG,
	Takumi ISHII <takishii@xephion.ne.jp>,
	"Geoffrey C. Speicher" <geoff@sea-incorporated.com>
Subject: Re: bin/38676 change request for pw command
Date: Tue, 25 Jun 2002 00:58:29 -0500

 On Mon, Jun 24, 2002 at 10:52:50PM -0700 I heard the voice of
 Paul Herman, and lo! it spake thus:
 > 
 > The topic of HOW to best fix this bug has recently been hashed out
 > a bit on -hackers and -stable.  Matthew Fuller proposed an
 > alternate fix by using a giant lock in /var/run/, so the jury is
 > still out on the best way to solve the problem.
 > 
 > I'll let Matthew speak for himself, but I feel that the either the
 > patch in bin/23501 or the following improved patch is the best way
 > to solve the problem.  Opinions in the audit-trail are surely to
 > follow.  :-)
 
 First post!    *duck*
 
 I see no problem with (assuming this works; I'm short on testing time for
 this OR my method this week), if nothing else, smacking this in for now;
 it's not like we can't change our attack method on this next week or next
 month.
 
 However:
 
 > +	for (;;) {
 > +		[ stuff(); ]
 > +		close(infd);
 > +	}
 
 Might I suggest a sleep(1); in there?  Give the poor CPU a break!   :->
 
 
 
 -- 
 Matthew Fuller     (MF4839)   |  fullermd@over-yonder.net
 Systems/Network Administrator |  http://www.over-yonder.net/~fullermd/
 
 "The only reason I'm burning my candle at both ends, is because I
       haven't figured out how to light the middle yet"

From: Paul Herman <pherman@frenchfries.net>
To: "Matthew D. Fuller" <fullermd@over-yonder.net>
Cc: FreeBSD-gnats-submit@FreeBSD.ORG,
	Takumi ISHII <takishii@xephion.ne.jp>,
	"Geoffrey C. Speicher" <geoff@sea-incorporated.com>
Subject: Re: bin/38676: change request for pw command
Date: Mon, 24 Jun 2002 23:07:14 -0700 (PDT)

 On Tue, 25 Jun 2002, Matthew D. Fuller wrote:
 
 > > +	for (;;) {
 > > +		[ stuff(); ]
 > > +		close(infd);
 > > +	}
 >
 > Might I suggest a sleep(1); in there?  Give the poor CPU a break!   :->
 
 :-)
 
 That's what I first thought, but open() will block until the lock
 frees up.  If the link count isn't 1, I don't think it should
 sleep, but it just as well could usleep() I suppose, but I don't
 think it's a big deal.
 
 This idea was taken from Matt Dillon's pwd_mkdb.c rev 1.29 fix.
 
 -Paul.
 

From: Masachika ISHIZUKA <ishizuka@ish.org>
To: freebsd-gnats-submit@FreeBSD.org
Cc:  
Subject: Re: bin/38676 change request for pw command
Date: Wed, 14 May 2003 15:29:30 +0900 (JST)

 > The following reply was made to PR bin/38676; it has been noted by GNATS.
 > 
 > From: Paul Herman <pherman@frenchfries.net>
 > To: FreeBSD-gnats-submit@FreeBSD.ORG
 > Cc: Takumi ISHII <takishii@xephion.ne.jp>,
 > 	"Geoffrey C. Speicher" <geoff@sea-incorporated.com>,
 > 	"Matthew D. Fuller" <fullermd@over-yonder.net>
 > Subject: Re: bin/38676 change request for pw command
 > Date: Mon, 24 Jun 2002 22:52:50 -0700 (PDT)
 > 
 >  Here is an better version of the patch in bin/23501.  In addition
 >  to the advisory lock, link counts are checked to avoid any
 >  unlink/rename issues.  This has been tested by myself and seems to
 >  also fix the problem.
 
   Hi, this is ishizuka@ish.org.
 
   I tested this patch for 5.1-BETA-20030514-JPSNAP and I think
 this patch is good for 5.1-BETA.
   The test procedure is as follows.
 
 (1) create 5000 new accounts in /etc/master.passwd.
 
   % su
   # sh
   $ uid=10000
   $ while [ $uid -lt 15000 ]; do
   >   echo "test$uid:*:$uid:$uid::0:0:User &:/nonexistent:/sbin/nologin" >> /tmp/users.txt
   >   uid=$(($uid+1))
   > done
   $ vipw
   :$
   :r /tmp/users.txt
   :wq
   $ wc -l /etc/master.passwd /etc/passwd
 
 (2) create 100 accounts more with pw command as follows.
 
   $ uid=20000
   $ while [ $uid -lt 20100 ]; do
   >   pw useradd test$uid -u $uid -d /nonexistent -s /sbin/nologin -h - &
   >   uid=$(($uid+1))
   > done
 
 (3) Wait until (2) is done.
 
 (4) Count lines for /etc/master.passwd and /etc/passwd
 
   $ wc -l /etc/master.passwd /etc/passwd
 
 
   Before applying this patch, /etc/master.passwd and /etc/passwd are
 broken, After this patch is applied, they are not broken.
 
 -- 
 ishizuka@ish.org
State-Changed-From-To: open->closed 
State-Changed-By: kensmith 
State-Changed-When: Tue Mar 9 19:54:17 PST 2004 
State-Changed-Why:  

The patch from bin/23501 was committed, it *should* be sufficient. 


http://www.freebsd.org/cgi/query-pr.cgi?pr=38676 
>Unformatted:
