Bug#707678: gnome-system-tools: users-admin fails silently to delete a user if a process is running with that uid

Nemo Inis nemoinis at hotmail.com
Fri May 10 08:58:18 UTC 2013 

Package: gnome-system-tools
Version: 3.0.0-2
Severity: important

When trying to delete a user, users-admin appeared to have worked: the user was
removed from the list shown by users-admin, and no error message was displayed.
However, a quick command-line check showed the user was still there. Indeed,
after exiting and relaunching users-admin, the user was again shown in the
list. This was repeatable.

Using the "deluser" command in a terminal provided the answer: deluser failed
because that user was currently used by a running process. After killing that
process, deleting the user in users-admin worked as expected.

The security risk is that users-admin failed to delete the user (when the
process was running) without ANY indication that anything was wrong, and so a
trusting admin -if there is such a person :-) - could be fooled into thinking a
user had been deleted when it had not.



-- System Information:
Debian Release: 7.0
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: i386 (i686)

Kernel: Linux 3.2.0-4-686-pae (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages gnome-system-tools depends on:
ii  dconf-gsettings-backend [gsettings-backend]  0.12.1-3
ii  libatk1.0-0                                  2.4.0-2
ii  libc6                                        2.13-38
ii  libcairo-gobject2                            1.12.2-3
ii  libcairo2                                    1.12.2-3
ii  libdbus-1-3                                  1.6.8-1
ii  libfontconfig1                               2.9.0-7.1
ii  libfreetype6                                 2.4.9-1.1
ii  libgdk-pixbuf2.0-0                           2.26.1-1
ii  libglib2.0-0                                 2.33.12+really2.32.4-5
ii  libgtk-3-0                                   3.4.2-6
ii  liboobs-1-5                                  3.0.0-1
ii  libpango1.0-0                                1.30.0-1
ii  libpolkit-gobject-1-0                        0.105-3
ii  perl                                         5.14.2-21
ii  policykit-1-gnome                            0.105-2
ii  system-tools-backends                        2.10.2-1

Versions of packages gnome-system-tools recommends:
pn  gnome-control-center  <none>

Versions of packages gnome-system-tools suggests:
ii  ntp  1:4.2.6.p5+dfsg-2

-- no debconf information

More information about the pkg-gnome-maintainers mailing list