Skip to content

🐛 users: skip /etc/passwd entries with unparseable uid/gid#8659

Open
tas50 wants to merge 1 commit into
mainfrom
claude/fix-etcpasswd-malformed-uid
Open

🐛 users: skip /etc/passwd entries with unparseable uid/gid#8659
tas50 wants to merge 1 commit into
mainfrom
claude/fix-etcpasswd-malformed-uid

Conversation

@tas50

@tas50 tas50 commented Jun 23, 2026

Copy link
Copy Markdown
Member

Bug

ParseEtcPasswd in users/etcpasswd.go:

uid, err := strconv.ParseInt(m[2], 10, 0)
if err != nil {
    log.Error().Err(err).Str("user", m[0]).Msg("could not parse uid")
}
gid, err := strconv.ParseInt(m[3], 10, 0)
if err != nil {
    log.Error().Err(err).Str("user", m[0]).Msg("could not parse gid")
}
users = append(users, &User{ ... Uid: uid, Gid: gid, ... })

The error is logged but not acted on: on a parse failure uid/gid keep their zero value and the user is still appended. A malformed /etc/passwd line therefore surfaces as a uid 0 / gid 0 (root) account — the worst possible sentinel for an inventory/security tool (the sibling shadow.go parser correctly returns an error in the same situation).

Fix

Skip the entry (with a warning log) when uid or gid can't be parsed, so a corrupt line is dropped rather than fabricating root. Added a regression test with malformed uid and gid lines.

🤖 Generated with Claude Code

https://claude.ai/code/session_015U1ocAxfcBhVYi3f9JnyZZ


Generated by Claude Code

@github-actions

github-actions Bot commented Jun 23, 2026

Copy link
Copy Markdown
Contributor

All contributors have signed the CLA ✍️ ✅
Posted by the CLA Assistant Lite bot.

@mondoo-code-review mondoo-code-review Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Fixes a bug where malformed /etc/passwd entries with non-numeric uid/gid were silently treated as uid 0 (root).

@github-actions

github-actions Bot commented Jun 23, 2026

Copy link
Copy Markdown
Contributor

Test Results

11 154 tests  +1   11 147 ✅ +1   3m 33s ⏱️ - 1m 47s
   545 suites ±0        7 💤 ±0 
    40 files   ±0        0 ❌ ±0 

Results for commit 5614f7d. ± Comparison against base commit a92a575.

♻️ This comment has been updated with latest results.

@tas50 tas50 force-pushed the claude/fix-etcpasswd-malformed-uid branch 4 times, most recently from 4a86843 to 0b05778 Compare June 24, 2026 18:02
ParseEtcPasswd logged a uid/gid parse error but fell through and
appended the user anyway with the zero value, surfacing a malformed
line as a phantom uid 0 / gid 0 (root) account — the worst possible
sentinel for an inventory/security tool.

Skip the entry on a parse error instead. Adds a regression test.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Claude-Session: https://claude.ai/code/session_015U1ocAxfcBhVYi3f9JnyZZ
@tas50 tas50 force-pushed the claude/fix-etcpasswd-malformed-uid branch from 0b05778 to 5614f7d Compare June 29, 2026 17:24
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant