Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

useradd/groupadd report warning #938

Open
pawanbadganchi opened this issue Feb 6, 2024 · 12 comments
Open

useradd/groupadd report warning #938

pawanbadganchi opened this issue Feb 6, 2024 · 12 comments

Comments

@pawanbadganchi
Copy link

useradd/groupadd report errors as below:

We are using this shadow library in our application.
When we compile our application we get below warning in log.do_prepare_recipe_sysroot

"configuration error - unknown item 'SYSLOG_SU_ENAB' (notify administrator)"
"configuration error - unknown item 'SYSLOG_SG_ENAB' (notify administrator)"

above warning is observed though below CVE is already available in our code kirkstone branch.

CVE-2023-29383.patch
0001-Overhaul-valid_field.patch.
@pawanbadganchi
Copy link
Author

@ikerexxe @alejandro-colomar Could you please help here?

@alejandro-colomar
Copy link
Collaborator

alejandro-colomar commented Feb 6, 2024
edited
Loading

What are those patch names?

Also, the CVE is fixed in 4.14, right?

@ikerexxe
Copy link
Collaborator

ikerexxe commented Feb 6, 2024

We are using this shadow library in our application. When we compile our application we get below warning in log.do_prepare_recipe_sysroot

I think it would be nice to have an explanation of who you are referring to by "we". Are you referring to a well-known distribution? Or are you the developer of some homemade distribution?

CVE-2023-29383.patch 0001-Overhaul-valid_field.patch.

I don't have access to those patches. Have they been upstreamed? If so, can you provide a link their commit hashes?

Also, the CVE is fixed in 4.14, right?

Yes, so either they rebase to 4.14, or they manually port that patch.

@pawanbadganchi
Copy link
Author

pawanbadganchi commented Feb 7, 2024
edited
Loading

What are those patch names?

Also, the CVE is fixed in 4.14, right?

Patches names are below.
0001-Overhaul-valid_field.patch
CVE-2023-29383.patch

Yes it is fixed in 4.14

Below is the commit hash link.
https://git.yoctoproject.org/poky/commit/?id=ef16919e98108724ede5ad5d79e3cbab1918d6d5

In meta-openembedded mailing list discussion was happened and they merged in the upstream kirkstone and as well as in master.

https://lists.openembedded.org/g/openembedded-core/message/180212

@pawanbadganchi
Copy link
Author

pawanbadganchi commented Feb 7, 2024
edited
Loading

We are using this shadow library in our application. When we compile our application we get below warning in log.do_prepare_recipe_sysroot

I think it would be nice to have an explanation of who you are referring to by "we". Are you referring to a well-known distribution? Or are you the developer of some homemade distribution?

CVE-2023-29383.patch 0001-Overhaul-valid_field.patch.

I don't have access to those patches. Have they been upstreamed? If so, can you provide a link their commit hashes?

Also, the CVE is fixed in 4.14, right?

Yes, so either they rebase to 4.14, or they manually port that patch.

Yes i am the developer of well-known distribution.

Yes they have upstreamed and fixed in 4.14 version.
Below is the commit hash link.
https://git.yoctoproject.org/poky/commit/?id=ef16919e98108724ede5ad5d79e3cbab1918d6d5

In meta-openembedded mailing list discussion was happened and they merged in the upstream kirkstone and as well as in master.

https://lists.openembedded.org/g/openembedded-core/message/180212

@ikerexxe
Copy link
Collaborator

ikerexxe commented Feb 7, 2024

At this point I have read this topic two times and I don't understand where the problem lies. You mention two patches that I thought were missing in your distribution, but apparently they have already been backported. So, what are you looking for? Can you state the problem in another terms?

@pawanbadganchi
Copy link
Author

pawanbadganchi commented Feb 7, 2024
edited
Loading

At this point I have read this topic two times and I don't understand where the problem lies. You mention two patches that I thought were missing in your distribution, but apparently they have already been backported. So, what are you looking for? Can you state the problem in another terms?

@ikerexxe
We are using this shadow library in our application.
When we compile our application we get below warning in log.do_prepare_recipe_sysroot

Below warning is observed though below CVE is already available in our code kirkstone branch.

"configuration error - unknown item 'SYSLOG_SU_ENAB' (notify administrator)"
"configuration error - unknown item 'SYSLOG_SG_ENAB' (notify administrator)"

CVE-2023-29383.patch
0001-Overhaul-valid_field.patch.

what could be the reason that this warning is coming?

@ikerexxe
Copy link
Collaborator

ikerexxe commented Feb 8, 2024

Taking a look at the openembedded distribution email that you sent it seems like they have another patch to silence those warnings:

2. The fix of cve caused useradd/groupadd report errors as below:
"configuration error - unknown item 'SYSLOG_SU_ENAB' (notify administrator)"
"configuration error - unknown item 'SYSLOG_SG_ENAB' (notify administrator)"
so backport another patch to fix useradd/groupadd wrong paramter's issue.

However, the only other commit that is referenced is e5905c4, and from a first glance that doesn't seem to fix the issue. I'd recommend you to reply to that email to understand how they "fixed" the problem.

@pawanbadganchi
Copy link
Author

Taking a look at the openembedded distribution email that you sent it seems like they have another patch to silence those warnings:

2. The fix of cve caused useradd/groupadd report errors as below:
"configuration error - unknown item 'SYSLOG_SU_ENAB' (notify administrator)"
"configuration error - unknown item 'SYSLOG_SG_ENAB' (notify administrator)"
so backport another patch to fix useradd/groupadd wrong paramter's issue.

However, the only other commit that is referenced is e5905c4, and from a first glance that doesn't seem to fix the issue. I'd recommend you to reply to that email to understand how they "fixed" the problem.

This is the another patch 0001-Overhaul-valid_field.patch which also have in our code but still issue is coming.
Okay will reply to that email

@sparkleholic
Copy link

sparkleholic commented Dec 6, 2024
edited
Loading

I'm facing this issue.
In https://lists.openembedded.org/g/openembedded-core/message/196673, it says like the following.

The error message is caused because the 0001-Disable-use-of-syslog-for-sysroot.patch applied to the native recipe disables syslog support and the native tool does not recognize SYSLOG_SU_ENAB.
On 3/6/2024 12:13 AM, Fabio Berton via lists.openembedded.org wrote:

I'm wondering what is the next action to solve this issue. (IMO, the followings could be options)

  • Removing 0001-Disable-use-of-syslog-for-sysroot.patch from shadow-native recipe.
  • Or, commeting SYSLOG_SU_ENAB and SYSLOG_SG_ENAB lines in login.defs by adding shadow_%.bbappend in another meta-layer.

@alejandro-colomar
Copy link
Collaborator

@sparkleholic

I'm facing this issue. In https://lists.openembedded.org/g/openembedded-core/message/196673, it says like the following.

The error message is caused because the 0001-Disable-use-of-syslog-for-sysroot.patch applied to the native recipe disables syslog support and the native tool does not recognize SYSLOG_SU_ENAB.
On 3/6/2024 12:13 AM, Fabio Berton via lists.openembedded.org wrote:

I'm wondering what is the next action to solve this issue. (IMO, the followings could be options)

* Removing ` 0001-Disable-use-of-syslog-for-sysroot.patch` from shadow-native recipe.

You should discuss that with the distribution. We don't have that patch.

* Or, commeting `SYSLOG_SU_ENAB` and `SYSLOG_SG_ENAB` lines in login.defs by adding `shadow_%.bbappend` in another meta-layer.

Same here. We don't have control over the login.defs of your distribution.

@sparkleholic
Copy link

@alejandro-colomar
Ok, thanks for the reply.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@ikerexxe @sparkleholic @alejandro-colomar @pawanbadganchi