Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 833365 (CVE-2022-0563)

Summary: <sys-apps/util-linux-2.37.4: Partial disclosure of arbitrary files in chfn and chsh when compiled with libreadline
Product: Gentoo Security Reporter: Sam James <sam>
Component: VulnerabilitiesAssignee: Gentoo Security <security>
Status: IN_PROGRESS ---    
Severity: minor CC: base-system, into-the-trash-it-goes, sam
Priority: Normal    
Version: unspecified   
Hardware: All   
OS: Linux   
Whiteboard: B3 [glsa?]
Package list:
Runtime testing required: ---
Bug Depends on: 833367    
Bug Blocks:    

Description Sam James archtester Gentoo Infrastructure gentoo-dev Security 2022-02-14 22:45:25 UTC
Description cribbed from Red Hat at

commit 39a81981ac4b8a1f521db550afc117ccab9548cb
Author: Karel Zak <>
Date:   Thu Feb 10 12:03:17 2022 +0100

    chsh, chfn: remove readline support [CVE-2022-0563]
    The readline library uses INPUTRC= environment variable to get a path
    to the library config file. When the library cannot parse the
    specified file, it prints an error message containing data from the
    Unfortunately, the library does not use secure_getenv() (or a similar
    concept) to avoid vulnerabilities that could occur if set-user-ID or
    set-group-ID programs.
    Reported-by: Rory Mackie <>
    Signed-off-by: Karel Zak <>

 login-utils/ |  2 +-
 login-utils/chfn.c        | 14 ++------------
 login-utils/chsh.c        | 43 +++----------------------------------------
 3 files changed, 6 insertions(+), 53 deletions(-)
Comment 1 Larry the Git Cow gentoo-dev 2022-02-14 23:04:02 UTC
The bug has been referenced in the following commit(s):

commit bd7843850e85f86958a900d7722cb56aa9b5bec1
Author:     Sam James <>
AuthorDate: 2022-02-14 22:55:23 +0000
Commit:     Sam James <>
CommitDate: 2022-02-14 23:03:37 +0000

    sys-apps/util-linux: add 2.37.4
    Signed-off-by: Sam James <>

 sys-apps/util-linux/Manifest                 |   1 +
 sys-apps/util-linux/util-linux-2.37.4.ebuild | 333 +++++++++++++++++++++++++++
 2 files changed, 334 insertions(+)
Comment 2 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2022-03-18 01:23:08 UTC
Please cleanup
Comment 3 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2023-02-18 11:00:14 UTC
Activity on the bug made me realise the connection wrt chfn & sys-apps/shadow.

$ grep -rsin chfn
util-linux-2.38.1-r2.ebuild:226:                        --disable-chfn-chsh
util-linux-2.38.1.ebuild:243:                   --disable-chfn-chsh
util-linux-9999.ebuild:226:                     --disable-chfn-chsh
util-linux-2.37.4.ebuild:189:                   --disable-chfn-chsh

I don't think this bug ever affected Gentoo, modulo older versions doing it (not checked, so I'll leave open until someone has verified it).