Jean Charles Delepine wrote:
Package: sympa
Version: 5.2.3-0.5
Severity: normal
/usr/lib/sympa/bin/arc2webarc.pl:unless (getlogin() eq 'root') {
/usr/lib/sympa/bin/archived.pl: chown 'root', 'root', $wwsconf->{'arc_path'};
/usr/lib/sympa/bin/archived.pl:$( = $) = (getgrnam('root'))[2];
/usr/lib/sympa/bin/archived.pl:$< = $> = (getpwnam('root'))[2];
/usr/lib/sympa/bin/archived.pl:&POSIX::setuid((getpwnam('root'))[2]);
/usr/lib/sympa/bin/archived.pl:&POSIX::setgid((getgrnam('root'))[2]);
/usr/lib/sympa/bin/bounced.pl:$( = $) = (getgrnam('root'))[2];
/usr/lib/sympa/bin/bounced.pl:$< = $> = (getpwnam('root'))[2];
/usr/lib/sympa/bin/bounced.pl:&POSIX::setuid((getpwnam('root'))[2]);
/usr/lib/sympa/bin/bounced.pl:&POSIX::setgid((getgrnam('root'))[2]);
/usr/lib/sympa/bin/mod2html.pl:$( = $) = (getgrnam('root'))[2];
/usr/lib/sympa/bin/mod2html.pl:$< = $> = (getpwnam('root'))[2];
/usr/lib/sympa/bin/sympa.pl: $( = $) = (getgrnam('root'))[2];
/usr/lib/sympa/bin/sympa.pl: $< = $> = (getpwnam('root'))[2];
/usr/lib/sympa/bin/sympa.pl: &POSIX::setuid((getpwnam('root'))[2]);
/usr/lib/sympa/bin/sympa.pl: &POSIX::setgid((getgrnam('root'))[2]);
/usr/lib/sympa/bin/task_manager.pl:$( = $) = (getgrnam('root'))[2];
/usr/lib/sympa/bin/task_manager.pl:$< = $> = (getpwnam('root'))[2];
/usr/lib/sympa/bin/task_manager.pl:&POSIX::setuid((getpwnam('root'))[2]);
/usr/lib/sympa/bin/task_manager.pl:&POSIX::setgid((getgrnam('root'))[2]);
/usr/lib/sympa/bin/tools.pl: my $uid = (getpwnam('root'))[2];
/usr/lib/sympa/bin/tools.pl: my $gid = (getgrnam('root'))[2];
/usr/lib/sympa/bin/tpl2tt2.pl:#unless (getlogin() eq 'root') {
/usr/lib/sympa/bin/tpl2tt2.pl: chown 'root', 'root', $dest_path;
/usr/lib/sympa/bin/tpl2tt2.pl: chown 'root', 'root', $out_file;
/usr/lib/cgi-bin/sympa/wwsympa.fcgi: unless ($> eq (getpwnam('root'))[2]) {
/usr/lib/cgi-bin/sympa/wwsympa.fcgi: &wwslog('err','Config error: wwsympa should run with UID %s (instead of %s)', (getpwnam('root'))[2], $>);
/usr/lib/cgi-bin/sympa/wwsympa_sudo_wrapper.pl:exec '/usr/bin/sudo', '-u', 'root', '/usr/lib/cgi-bin/sympa/wwsympa.fcgi'
All those 'root' come from '--USER--' in the code, which itself comes
from the configure option:
--with-user=LOGIN set sympa user name (default sympa)
Debian sets this option to root, because the sympa user still does not
exist at build time.
sympa runs as user sympa, so all those setuid and other chown will not
have effect. Anyway, I don't feel comfortable with this and wouldn't
like somebody else to see such code... and the last 'sudo' is...
quite interesting.
Modifying autoconf to have --with-user for the code and --with-owner for
the files, as in my package, has my preference.
You will prefer, I think, modifying all those --USER-- before build. Maybe
something more... less... than that:
find . -path './debian' -prune -o -type f -print -exec perl -i -pe "s%\'--USER--\'%\'sympa\'%" {} ';'
This is certainly an issue to be fixed before uploading to unstable.
But we are getting pretty close :-).
Regards
Racke
--
LinuXia Systems => http://www.linuxia.de/
Expert Interchange Consulting and System Administration
ICDEVGROUP => http://www.icdevgroup.org/
Interchange Development Team
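A build-time check for the problem discussed in this thread, as an added example that is not part of the original messages or of the sympa or Debian packaging code. The function name `audit_user_subst`, the default expected account `sympa`, and the use of a grep that supports `-r` are assumptions; the patterns are modelled on the grep output quoted in the report.

```shell
#!/bin/sh
# Added example: flag scripts where the configure-time '--USER--'
# placeholder was left unexpanded or was expanded to an account other
# than the one the daemon is meant to run as.
#
# usage: audit_user_subst TREE [EXPECTED_USER]
# Prints one "file:line:text" finding per line.
# Returns 0 when the tree is clean, 1 when there are findings.
audit_user_subst() {
    tree=$1
    want=${2:-sympa}   # assumed to be a plain account name (no regex chars)

    # Call shapes seen in the report that embed the substituted account:
    # getpwnam/getgrnam lookups, getlogin comparisons, chown (first
    # argument only), and the sudo wrapper's '-u', 'X' pair.
    calls="get(pw|gr)nam\('[^']+'\)|getlogin\(\) eq '[^']+'|chown '[^']+'|'-u', *'[^']+'"
    # The same shapes when they name the expected account.
    ok="get(pw|gr)nam\('$want'\)|getlogin\(\) eq '$want'|chown '$want'|'-u', *'$want'"

    findings=$(
        {
            # 1. Placeholder never substituted.
            grep -rnF -e '--USER--' "$tree" || true
            # 2. Substituted, but not to the expected account.
            grep -rnE -e "$calls" "$tree" | grep -vE -e "$ok" || true
        } | sort -u
    )

    if [ -z "$findings" ]; then
        return 0
    fi
    printf '%s\n' "$findings"
    return 1
}

# Example invocation from a package build, after the substitution step:
#   audit_user_subst debian/sympa/usr/lib sympa || exit 1
```

Run after the `--USER--` substitution and before the package is assembled, a non-zero return stops the build while any script still names `root` or the raw placeholder.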