53453 – Renaming groups does not check existing group names or user names

Bug 53453 - Renaming groups does not check existing group names or user names

Summary: Renaming groups does not check existing group names or user names

Status:	CLOSED FIXED

Alias:	None

Product:	UCS
Classification:	Unclassified
Component:	UDM (Generic)
Version:	UCS 5.0
Hardware:	Other Linux

Importance:	P5 normal
Target Milestone:	UCS 5.0-0-errata
Assignee:	Florian Best
QA Contact:	Dirk Wiesenthal

URL:	https://git.knut.univention.de/univen...
Keywords:

Depends on:
Blocks:	56929
	Show dependency tree / graph

Reported:	2021-06-16 01:05 CEST by Dirk Wiesenthal
Modified:	2023-12-20 13:11 CET (History)
CC List:	1 user (show)

See Also:
What kind of report is it?:	Security Issue
What type of bug is this?:	---
Who will be affected by this bug?:	---
How will those affected feel about the bug?:	---
User Pain:
Enterprise Customer affected?:
School Customer affected?:
ISV affected?:
Waiting Support:
Flags outvoted (downgraded) after PO Review:
Ticket number:
Bug group (optional):
Customer ID:
Max CVSS v3 score:

Flags:	best: Patch_Available+

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Dirk Wiesenthal

2021-06-16 01:05:20 CEST

Creating a groups/group object with a name of an existing user is prevented by UDM. But renaming an existing group is allowed.

It even works with existing group names. You can have multiple groups of the same name, given that they all differ in position.

Comment 1 Dirk Wiesenthal

2021-06-16 01:08:06 CEST

This may be a security issue if someone may create / rename groups. And some software only checks for the actual name of a group.

Example may be a UCS@school workgroup named "Domain Admins"? Not sure, but just in case, I flag it as security.

Comment 2 Florian Best

2021-07-02 11:53:57 CEST

Patch available in:
https://git.knut.univention.de/univention/ucs/-/merge_requests/112

Comment 3 Florian Best

2021-07-08 01:07:57 CEST

Fixed in:

univention-directory-manager-modules.yaml
ae47c0e6c1ec | Bug #53453: check uniqueness of groupname when renaming a group

univention-directory-manager-modules (15.0.11-11)
ae47c0e6c1ec | Bug #53453: check uniqueness of groupname when renaming a group

ucs-test (10.0.6-11)
772f119442e1 | Bug #53453: enhance 07_group_creation_with_name_already_in_use

Comment 4 Dirk Wiesenthal

2021-07-28 01:58:59 CEST

Tests: ~OK (they work, but they were not cherry-picked!)
Manual Tests: OK
Code review: OK
YAML: OK

Comment 5 Erik Damrose

2021-08-04 16:25:36 CEST

<https://errata.software-univention.de/#/?erratum=5.0x61>