Hi, 2009/12/12 Ted Felix <t...@tedfelix.com>: > Looks like the problem is in this line from open_logs(): > > logfd = open(logfile, O_WRONLY|O_CREAT|O_APPEND); > > It should be this: > > logfd = open(logfile, O_WRONLY|O_CREAT|O_APPEND, 0640); > > And (theoretically, as I've not tested it) the problem is solved.
Yes, the third argument is needed when using O_CREAT. > > As mentioned, this doesn't fix any existing log files that are hanging > around, so maybe we need more code to destroy any old log file that has > questionable permissions? I don't think removing it is appropriate. Logs are never removed by packages. > Is etch still even supported? Yes, security support ends in February next year. > I'm not running > etch, but if someone else is, perhaps they can test my releases? > I don't have a machine with etch at hand, but I guess I still have a vm with acpid installed on another machine. > What would you like me to do? > I think the best approach is to prepare uploads for unstable and stable (via stable-proposed-updates) fixing the permissions of the file, and an upload for oldstable (via oldstable-security) that fixes both the permissions and the open(2) call. Cheers, -- Raphael Geissert - Debian Developer www.debian.org - get.debian.net -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
