Bug#374705: [Pkg-shadow-devel] Bug#374705: tentative patch

Stephen Gran sgran at debian.org
Thu Jun 22 10:18:44 UTC 2006 

This one time, at band camp, Christian Perrier said:
> Quoting Frans Pop (elendil at planet.nl):
> > On Wednesday 21 June 2006 22:26, you wrote:
> > > However, I think the issue is not present in the 4.0.16 versions
> > > (according to my tests and according to the code).
> > >
> > > Can somebody else confirm?
> > 
> > Confirmed. If I do a new install of unstable, the mail spool dir is clean.
> 
> 
> So, this is probably because there were some differences in the patch
> we temporarily applied in Debian to cover the security issue
> supposedly fixed by 4.0.15-10 and the one that was really applied by
> Tomasz in 4.0.16.
> 
> Hence, closing the bug with "Version: 4.0.16-1" seems fair.
> 
> 4.0.16-2 is now in testing anyway.

steve at gashuffer:~/source/shadow-4.0.16$ head -n 1 debian/changelog
shadow (1:4.0.16-2) unstable; urgency=low
steve at gashuffer:~/source/shadow-4.0.16$ grep -B 17 fchown src/useradd.c
                fd = open (file, O_CREAT | O_WRONLY | O_TRUNC | O_EXCL, 0);
                if (fd < 0) {
                        perror (_("Creating mailbox file"));
                        return;

                        gr = getgrnam ("mail");
                        if (!gr) {
                                fprintf (stderr,
                                         _
                                         ("Group 'mail' not found. Creating the user mailbox file with 0600 mode.\n"));
                                gid = user_gid;
                                mode = 0600;
                        } else {
                                gid = gr->gr_gid;
                                mode = 0660;
                        }

                        if (fchown (fd, user_id, gid) || fchmod (fd, mode))

The bug is present in 1:4.0.16-2.  Unless I'm missing something?
-- 
 -----------------------------------------------------------------
|   ,''`.                                            Stephen Gran |
|  : :' :                                        sgran at debian.org |
|  `. `'                        Debian user, admin, and developer |
|    `-                                     http://www.debian.org |
 -----------------------------------------------------------------
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
Url : http://lists.alioth.debian.org/pipermail/pkg-shadow-devel/attachments/20060622/cf57e627/attachment.pgp

More information about the Pkg-shadow-devel mailing list