Bug 90114 - [patch] pw(8) takes strings after option -g for GID 0
Status: Closed FIXED
Alias: None
Product: Base System
Classification: Unclassified
Component: bin
Version: 6.0-RELEASE
Hardware: Any Any
Importance: Normal Affects Only Me
Assignee: freebsd-bugs (Nobody)
Reported: 2005-12-08 19:30 UTC by Björn König
Modified: 2015-07-08 18:17 UTC

See Also:
bugmeister: mfc-stable10?
bugmeister: mfc-stable9?
bugmeister: mfc-stable8?


Attachments
pw-2005120801.diff (608 bytes, patch)
2005-12-08 19:30 UTC, Björn König

Description Björn König 2005-12-08 19:30:02 UTC
	pw assumes the group with the ID 0 if you specify a string mistakenly
	instead of a number in conjunction with option -g. This might be
	problematic because it is possible that you delete the group 'wheel'
	accidentally and silently.
	
	This issue has been discovered by Mars G. Miro (marsgmiro at gmail.com)

Fix: The patch below checks the error value returned by atoi and
	aborts the current action if the user supplied an invalid GID.
	
	Note that pw still accepts erroneous values in certain cases,
	e.g. -g 0somestring.
	
How-To-Repeat: 	Back up your /etc/group. ;)
	
	# pw groupshow -g wheel
	wheel:*:0:root
	
	# pw groupdel -g somestring
	
	# pw groupshow -g wheel
	pw: unknown group `wheel'
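
Added example, not part of the original report, the attached patch, or pw's source: a strict decimal GID parser in C next to what atoi(3) returns for the same inputs, covering both the `somestring` case and the `0somestring` case noted in the report. The helper name parse_gid, the sample inputs, and the assumption of a 32-bit unsigned gid_t are this example's own.

```c
#include <ctype.h>
#include <errno.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/types.h>

/* Hypothetical helper (not from pw's source): parse a decimal GID strictly.
 * Returns 0 and stores the value on success, -1 on any malformed input;
 * *out is left untouched on failure. */
static int
parse_gid(const char *s, gid_t *out)
{
	char *end;
	unsigned long v;

	/* strtoul() skips whitespace and accepts a sign; insist on a digit. */
	if (s == NULL || !isdigit((unsigned char)s[0]))
		return (-1);
	errno = 0;
	v = strtoul(s, &end, 10);
	if (errno == ERANGE || *end != '\0')	/* overflow or trailing junk */
		return (-1);
	if (v > UINT_MAX)		/* assumes a 32-bit unsigned gid_t */
		return (-1);
	*out = (gid_t)v;
	return (0);
}

int
main(void)
{
	/* Constructed inputs; the first three follow the report's wording. */
	const char *inputs[] = { "0", "somestring", "0somestring", "", "-1",
	    " 7" };
	gid_t gid;

	for (size_t i = 0; i < sizeof(inputs) / sizeof(inputs[0]); i++) {
		int rc = parse_gid(inputs[i], &gid);
		/* atoi() has no error channel: garbage and "0" both give 0. */
		printf("%-14s atoi=%-3d strict=%s\n", inputs[i],
		    atoi(inputs[i]), rc == 0 ? "accepted" : "rejected");
	}
	return (0);
}
```
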
Comment 1 commit-hook freebsd_committer freebsd_triage 2014-10-28 14:54:16 UTC
A commit references this bug:

Author: bapt
Date: Tue Oct 28 14:54:05 UTC 2014
New revision: 273782
URL: https://svnweb.freebsd.org/changeset/base/273782

Log:
  Do not delete the group wheel when bad argument is passed to pw groupdel -g

  Check that the -g argument is actually a number, if not report an error.
  This argument is converted without checking with atoi(3) later so without this
  check it converts any alpha entries into 0 meaning it deletes the group wheel

  Add a regression test about it

  PR:		90114
  Reported by:	bkoenig@cs.tu-berlin.de
  MFC after:	1 week

Changes:
  head/usr.sbin/pw/pw_group.c
  head/usr.sbin/pw/tests/pw_delete.sh
Comment 2 commit-hook freebsd_committer freebsd_triage 2014-11-04 07:51:47 UTC
A commit references this bug:

Author: bapt
Date: Tue Nov  4 07:50:51 UTC 2014
New revision: 274082
URL: https://svnweb.freebsd.org/changeset/base/274082

Log:
  MFC: 272445,272578,273772,273779,273782,273786,273787,273791

  Add a test for bug 191427 where pw(8) will go into an infinite loop
  Add some tests for modifying groups
  When a group is renamed then the group has been invalidated for sure.
  In that case get the group information using the new name.

  Fix a regression in pw usermod -G list

  The user was properly added to the different groups from "list" but was not
  removed from the other groups it could have belonged to.

  Do not delete the group wheel when bad argument is passed to pw groupdel -g

  Check that the -g argument is actually a number, if not report an error.
  This argument is converted without checking with atoi(3) later so without this
  check it converts any alpha entries into 0 meaning it deletes the group wheel

  Ensure pw userdel -u <invalid> does not try to remove root

  Check the uid passed is actually a number as early as possible

  Fix renaming a group via the gr_copy function

  Add a regression test to pw(8) because the bug was discovered via using:
  pw groupmod

  PR:		193704 [1], 185666 [2], 90114 [3], 187189 [4]
  Submitted by:	Marc de la Gueronniere [4]
  Reported by:	az [1], sub.mesa@gmail.com [2], bkoenig@cs.tu-berlin.de [3],
  		mcdouga9@egr.msu.edu [4]

Changes:
_U  stable/10/
  stable/10/etc/mtree/BSD.tests.dist
  stable/10/lib/libutil/gr_util.c
  stable/10/usr.sbin/pw/Makefile
  stable/10/usr.sbin/pw/pw_group.c
  stable/10/usr.sbin/pw/pw_user.c
  stable/10/usr.sbin/pw/tests/
  stable/10/usr.sbin/pw/tests/Makefile
  stable/10/usr.sbin/pw/tests/pw_delete.sh
  stable/10/usr.sbin/pw/tests/pw_modify.sh
Comment 3 Glen Barber freebsd_committer freebsd_triage 2015-07-08 18:17:56 UTC
Close PRs that have had a corresponding fix committed.