[Pkg-iscsi-maintainers] Bug#584939: open-iscsi: cannot log into target from initramfs

Michal Suchanek <hramrach@centrum.cz> michal.suchanek at ruk.cuni.cz
Mon Jun 7 16:54:17 UTC 2010 

Package: open-iscsi
Version: 2.0.871.3-1
Severity: normal


The iscsid daemon only allows root to manage the iscsi disks.

To check that the user is root it fist gets the uid, then calls getpwent
on the uid and then compares the username with the string "root".

This is imho stupid and superfluous as just comparing the uid to zero
would give the same level of sucurity wiht much less code.

What's more, there is no /etc/passwd in initramfs.

This patch just installs a default pwent entry for root in case getpwent
fails.

However, ripping out the junk with getpwent is suggested.

I tried with the 2.0.870-rc3 iscsid but the patch still applies.


-- System Information:
Debian Release: 5.0.4
  APT prefers stable
  APT policy: (900, 'stable'), (700, 'testing'), (500, 'oldstable'), (500, 'unstable'), (200, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.34-rc5-atom64 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) (ignored: LC_ALL set to en_US.UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages open-iscsi depends on:
ii  libc6                         2.10.2-9   Embedded GNU C Library: Shared lib
ii  udev                          154-1      /dev/ and hotplug management daemo

open-iscsi recommends no packages.

open-iscsi suggests no packages.

-- no debconf information
-------------- next part --------------
There is no /etc/passwd in initramfs so authentication using getpwent fails.
It is stupid anyway, just checking that the uid is zero would be much simpler
and provide the same level of security.

diff -ur open-iscsi-2.0.870~rc3/usr/mgmt_ipc.c open-iscsi-2.0.870~rc3.default_user/usr/mgmt_ipc.c
--- open-iscsi-2.0.870~rc3/usr/mgmt_ipc.c	2008-09-26 01:53:08.000000000 +0200
+++ open-iscsi-2.0.870~rc3.default_user/usr/mgmt_ipc.c	2009-09-10 23:31:05.000000000 +0200
@@ -359,9 +359,15 @@
 
 	pass = getpwuid(peercred.uid);
 	if (pass == NULL) {
-		log_error("peeruser_unix: unknown local user with uid %d",
-				(int) peercred.uid);
-		return 0;
+		if(peercred.uid) {
+			log_error("peeruser_unix: unknown local user with uid %d",
+					(int) peercred.uid);
+			return 0;
+		} else {
+			log_error("peeruser_unix: getpwuid failed for uid 0, returning root");
+			strncpy(user, "root", PEERUSER_MAX);
+			return 1;
+		}
 	}
 
 	strncpy(user, pass->pw_name, PEERUSER_MAX);

More information about the Pkg-iscsi-maintainers mailing list