[Pkg-shadow-devel] Bug#677812: passwd: vipw should warn users if they attempt to edit a file not in /etc

Paul Munday paulm at freegeek.org
Sat Jun 16 22:00:31 UTC 2012


Package: passwd
Version: 1:4.1.4.2+svn3283-2+squeeze1
Severity: wishlist

vipw only edits /etc/passwd /etc/shadow etc.
 However calling it vipw suggests it will act like a standard editor and
take
a path on the command line to edit. Instead it silently ignores a path
you
 give it (for instance if you are editing the passwd file  on a mounted 
volume)  and edits the files in /etc on the system you are using.

This colud have some fairly disastrous consequences since its not
always 
obvious which file you are editing.

vipw (and vigr) should either refuse to take any input on the command
line
 other that the correct options and exit 
or 
warn the user what it will actually do and then exit, or allow the user 
to do so. 



-- System Information:
Debian Release: 6.0.5
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.32-5-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages passwd depends on:
ii  debianutils           3.4                Miscellaneous utilities
specific t
ii  libc6                 2.11.3-3           Embedded GNU C Library:
Shared lib
ii  libpam-modules        1.1.1-6.1+squeeze1 Pluggable Authentication
Modules f
ii  libpam0g              1.1.1-6.1+squeeze1 Pluggable Authentication
Modules l
ii  libselinux1           2.0.96-1           SELinux runtime shared
libraries

passwd recommends no packages.

passwd suggests no packages.

-- no debconf information







More information about the Pkg-shadow-devel mailing list