Page MenuHomeVyOS Platform
Create Task
Maniphest T4341

login: disable user-account prior to deletion and wait until deletion is complete
Closed, ResolvedPublicFEATURE REQUEST
Actions

Description

Some extensions when we delete system users.

Before we delete a user account - we kill it's session and force a log-out. In theory the user could log back in in a very tiny window and prevent the deletion of the account.
To prevent this loophole the account should be disabled before we force a logout.

Source code: https://github.com/vyos/vyos-1x/blob/175b0a082808955adba811f18424a126e798dd32/src/conf_mode/system-login.py#L253-L259

In addition we only try to delete the user account once - if this fails - the account persists. userdel(8) should be called in a loop which only exists once the account deletion was completed successfully.

Details

Difficulty level
Easy (less than an hour)
Version
1.3.1-S1
Why the issue appeared?
Will be filled on close
Is it a breaking change?
Behavior change
Issue type
Bug (incorrect behavior)

Related Objects

Mentioned In
1.3.2
1.3.2

Event Timeline

c-po changed the task status from Open to In progress.Apr 4 2022, 8:25 PM
c-po claimed this task.
c-po created this task.
c-po updated the task description. (Show Details)
c-po renamed this task from login: disable user-account prior to deletion and force file removal to login: disable user-account prior to deletion.Apr 4 2022, 8:28 PM
c-po updated the task description. (Show Details)
c-po triaged this task as Low priority.Apr 4 2022, 8:33 PM
c-po added a project: VyOS 1.3 Equuleus (1.3.2).
c-po changed Difficulty level from Unknown (require assessment) to Easy (less than an hour).
c-po changed Version from - to 1.3.1-S1.
c-po changed Issue type from Security vulnerability to Bug (incorrect behavior).
c-po renamed this task from login: disable user-account prior to deletion to login: disable user-account prior to deletion and wait until deletion is complete.Apr 4 2022, 9:00 PM
c-po updated the task description. (Show Details)
c-po updated the task description. (Show Details)Apr 4 2022, 9:10 PM
c-po moved this task from Need Triage to In Progress on the VyOS 1.3 Equuleus (1.3.2) board.Apr 6 2022, 8:16 AM
c-po closed this task as Resolved.Apr 7 2022, 3:19 PM
c-po moved this task from In Progress to Finished on the VyOS 1.3 Equuleus (1.3.2) board.
c-po moved this task from Need Triage to Finished on the VyOS 1.4 Sagitta board.
dmbaturin mentioned this in 1.3.2.Sep 5 2022, 3:14 PM
dmbaturin mentioned this in 1.3.2.Sep 15 2022, 10:42 AM