Bug 202664 - mergemaster as unprivileged user dumps system default master.passwd into /var/tmp/temproot
Summary: mergemaster as unprivileged user dumps system default master.passwd into /var...
Status: Closed Overcome By Events
Alias: None
Product: Base System
Classification: Unclassified
Component: bin (show other bugs)
Version: 10.2-STABLE
Hardware: Any Any
: --- Affects Many People
Assignee: freebsd-bugs (Nobody)
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2015-08-26 01:44 UTC by John D Jones III
Modified: 2025-01-17 22:15 UTC (History)
5 users (show)

See Also:

Attachments
warn user when not running as root (771 bytes, patch)
2015-08-26 10:24 UTC, Willem Jan Withagen 		no flags Details | Diff
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description John D Jones III 2015-08-26 01:44:12 UTC 
I accidentally ran mergemaster -pv as a normal user instead of root and this is the output:

([J:0]jnbek@rtr10[~]% mergemaster -pv                                                                                                                         [08/25/15][19:39:56])

 *** You have /usr/bin/less defined as your pager so we will use that

*** The directory specified for the temporary root environment,
    /var/tmp/temproot, exists.  This can be a security risk if untrusted
    users have access to the system.

  Use 'd' to delete the old /var/tmp/temproot and continue
  Use 't' to select a new temporary root directory
  Use 'e' to exit mergemaster

  Default is to use /var/tmp/temproot as is

How should I deal with this? [Use the existing /var/tmp/temproot] d

   *** Deleting the old /var/tmp/temproot

*** Creating the temporary root environment in /var/tmp/temproot
 *** /var/tmp/temproot ready for use
 *** Creating and populating directory structure in /var/tmp/temproot

 *** Press the [Enter] or [Return] key to continue
install: /var/tmp/temproot/etc/group: chown/chgrp: Operation not permitted

  *** FATAL ERROR: Cannot copy files to the temproot environment

([J:0]jnbek@rtr10[~]% ls -R /var/tmp/temproot                                                                                                                 [08/25/15][19:41:40])
etc/

/var/tmp/temproot/etc:
master.passwd

This seems to be a bad thing. It's a stock master.passwd file but I would think that mergemaster should fail before ever messing with this file in the first place unless the user is root. If a unprivileged user gets compromised on a system, this could be used for evil, although I'm not sure exactly how.
Comment 1 Anonymous 2015-08-26 04:10:53 UTC 
I think it uses /usr/src/etc/* as base and then it diffs all that to the system etc, not the actual one installed in /etc/ so I don't think there's any threat.

if you have a look at /usr/src/etc/ you will see a generic master.passwd which should be the same one youre looking at. a normal user has no access to /etc/master.passwd

-rw-------  1 root  wheel  2612 Aug 24 03:06 /etc/master.passwd

-rw-r--r--  1 root  wheel  1640 Aug 18 12:26 /usr/src/etc/master.passwd
Comment 2 Mahdi Mokhtari freebsd_committer freebsd_triage 2015-08-26 08:52:56 UTC 
This bug also affects me on 10.1-Release and 10.1-stable
Comment 3 Mahdi Mokhtari freebsd_committer freebsd_triage 2015-08-26 09:13:36 UTC 
i think we [as writer of this bash script] should first of all check user privileges then run main loop. [just a simple guess]
Comment 4 Willem Jan Withagen 2015-08-26 10:24:37 UTC 
Created attachment 160369 [details]
warn user when not running as root
Comment 5 Ed Maste freebsd_committer freebsd_triage 2023-03-07 19:42:10 UTC 
As anonymous reports this is the stock FreeBSD-provided master.passwd which has no privileged information. Thus this is (only) a QOI issue.
Comment 6 Alan Somers freebsd_committer freebsd_triage 2025-01-17 22:15:01 UTC 
mergemaster is obsolete and removed from 15.0-CURRENT.  Long live etcupdate.