Bug#644883: libreoffice-core: creates hidden file in /usr

Mon, 10 Oct 2011 11:51:15 -0700 

Rene Engelhard wrote:

> severity 644883 minor
> tag 644883 + wontfix
> thanks
> 
> On Mon, Oct 10, 2011 at 08:58:07AM +0200, Rene Engelhard wrote:
> > On Mon, Oct 10, 2011 at 12:30:45AM -0400, Michael Gilbert wrote:
> > > libreoffice has a hidden file in /usr, which is flagged as suspicious
> > > by chkrootkit.  See /usr/lib/libreoffice/basis3.4/program/.services.rdb.
> > > There is also /usr/lib/libreoffice/basis3.4/program/services.rdb, which
> > > looks similar, but differs.
> > 
> > And the latter is created from the former.
> 
> To be precide: here:
> 
> http://anonscm.debian.org/gitweb/?p=pkg-openoffice/libreoffice.git;a=blob;f=shell-lib-components.sh;h=c08751cd0584bcf1758a83d9a20eb69e4000d125;hb=HEAD:
> 
>   44 update_services_rdb() {
>   45         if [ -f /@OOBASISDIR@/program/.services.rdb ]; then
>   46                 echo "Updating services.rdb..."
>   47                 rdb="`echo /@OOBASISDIR@/program | sed -e 
> s/usr/var/`/services.rdb"
>   48                 if [ -d /@OOBASISDIR@/registered-components ]; then
>   49                         cat /@OOBASISDIR@/program/.services.rdb \
>   50                                 | sed -e "s#</components>##" \
>   51                                 > $rdb
>   52                         for c in 
> /@OOBASISDIR@/registered-components/*.component; do \
>   53                                 tail -n 1 $c \
>   54                                 | sed -e 's#<component 
> xmlns="http://openoffice.org/2010/uno-components"#<component#'\
>   55                                 >> $rdb; \
>   56                         done
>   57                         perl -pi -e "s/\n//" $rdb
>   58                         sed -i 's#$#</components>#' $rdb
>   59                 else
>   60                         cp /@OOBASISDIR@/program/.services.rdb $rdb
>   61                 fi
>   62                 echo "done."
>   63         fi
>   64 }
> 
> to register some optional components in the "registry" file. .services.rdb
> is the "origiaal" files in LibO without them and services.rdb ais that +
> eventually installed optional stuff.
> 
> > This ia a bug why?
> 
> This still holds. Just because chkrootkit warns? No, don't believe that.
> And if you  don't like this, propose something else.

Because it produces a false positive in security auditing tools, and
that will unnecessarily worry less savvy users.  Also, it is very
non-standard and unexpected behavior to find hidden files outside
of /home that you had not explicitly created yourself.

Why can't it be called services.rdb.orig, services.rdb.upstream,
services.rdb.default, or something more useful/descriptive and not
hidden?

If that seems ok, I will create a patch and remove the wontfix.

Best wishes,
Mike



-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Reply via email to