Groups | Search | Server Info | Keyboard shortcuts | Login | Register [http] [https] [nntp] [nntps]
Groups > linux.debian.bugs.dist > #1288147
| From | Aurelien Jarno <aurel32@debian.org> |
|---|---|
| Newsgroups | linux.debian.bugs.dist |
| Subject | Bug#1132509: uidmap: getsubids look up /etc/subgid by gid instead of uid when using numerical values |
| Date | 2026-04-01 22:50 +0200 |
| Message-ID | <MFaFI-bYKy-7@gated-at.bofh.it> (permalink) |
| Organization | linux.* mail to news gateway |
Package: uidmap
Version: 1:4.18.0-2
Severity: important
Tags: patch
X-Debbugs-Cc: dsa@debian.org, wb-team@buildd.debian.org, sbuild@packages.debian.org
Control: affects -1 sbuild
Hi,
Since version 0.91.6, sbuild started to use getsubids to parse
/etc/subgid [1]. The format of this file is supposed to be [2]:
login name or UID : numerical subordinate group ID : numerical subordinate group ID count
Unfortunately getsubids parses it as login name or *GID*. This breaks
when this file contains UID and when UID != GID:
$ id buildd
uid=2952(buildd) gid=1009(buildd) groupes=1009(buildd),115(sbuild)
$ grep 2952 /etc/subgid
2952:193462272:65536
$ getsubids -g buildd
Error fetching ranges
Fortunately it seems that newgidmap parses the file correctly, so this
is not a security issue.
The following untested patch should fix the issue (which means that
get_owner_id() can be simplified as this is the only caller:
--- shadow-4.19.3.orig/lib/subordinateio.c
+++ shadow-4.19.3/lib/subordinateio.c
@@ -908,7 +908,7 @@ int list_owner_ranges(const char *owner,
return -1;
}
- have_owner_id = get_owner_id(owner, id_type, id);
+ have_owner_id = get_owner_id(owner, ID_TYPE_UID, id);
commonio_rewind(db);
while (NULL != (range = commonio_next(db))) {
Regards
Aurelien
[1] https://salsa.debian.org/debian/sbuild/-/commit/590c06cd5a76b6758606cc30fea075816edda468
[2] https://manpages.debian.org/unstable/passwd/subgid.5.en.html
Back to linux.debian.bugs.dist | Previous | Next — Next in thread | Find similar
Bug#1132509: uidmap: getsubids look up /etc/subgid by gid instead of uid when using numerical values Aurelien Jarno <aurel32@debian.org> - 2026-04-01 22:50 +0200
Bug#1132509: [Pkg-shadow-devel] Bug#1132509: uidmap: getsubids look up /etc/subgid by gid instead of uid when using numerical values "Serge E. Hallyn" <serge@hallyn.com> - 2026-04-01 23:30 +0200
Bug#1132509: [Pkg-shadow-devel] Bug#1132509: uidmap: getsubids look up /etc/subgid by gid instead of uid when using numerical values Chris Hofstaedtler <zeha@debian.org> - 2026-04-02 19:50 +0200
Bug#1132509: [Pkg-shadow-devel] Bug#1132509: uidmap: getsubids look up /etc/subgid by gid instead of uid when using numerical values Aurelien Jarno <aurel32@debian.org> - 2026-04-02 20:00 +0200
Bug#1132509: [Pkg-shadow-devel] Bug#1132509: uidmap: getsubids look up /etc/subgid by gid instead of uid when using numerical values Chris Hofstaedtler <zeha@debian.org> - 2026-04-03 12:00 +0200
Bug#1132509: [Pkg-shadow-devel] Bug#1132509: uidmap: getsubids look up /etc/subgid by gid instead of uid when using numerical values Jochen Sprickerhof <jspricke@debian.org> - 2026-04-03 17:30 +0200
Bug#1132509: [Pkg-shadow-devel] Bug#1132509: uidmap: getsubids look up /etc/subgid by gid instead of uid when using numerical values Aurelien Jarno <aurel32@debian.org> - 2026-04-03 20:00 +0200
Bug#1132509: [Pkg-shadow-devel] Bug#1132509: uidmap: getsubids look up /etc/subgid by gid instead of uid when using numerical values Aurelien Jarno <aurel32@debian.org> - 2026-04-02 20:00 +0200
Bug#1132509: uidmap: getsubids look up /etc/subgid by gid instead of uid when using numerical values Johannes Schauer Marin Rodrigues <josch@debian.org> - 2026-04-01 23:50 +0200
csiph-web