Your message dated Tue, 27 Jan 2009 20:00:43 GMT
with message-id <[email protected]>
and subject line sfs has been removed from Debian, closing #387546
has caused the Debian Bug report #387546,
regarding /etc/init.d/sfs-client can invoke incorrect path
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
387546: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=387546
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: sfs-client
Version: 1:0.8-0+pre20060720.1-1
Severity: normal
At lines 120-121 of /etc/init.d/sfs-client one finds
$0 stop
$0 start
But at line 25, the script executes
cd /var/lib/sfs/
This potentially allows an incorrect script to be run if (for example)
an attacker installed a script called /var/lib/sfs/sfs-client and root
invoked the control script in /etc/init.d/ as ./sfs-client. At line
120 ./ refers to a different directory.
It's also inconvient, since simply executing ./sfs-client fails
because /var/lib/sfs/sfs-client doesn't exist.
-- System Information:
Debian Release: testing/unstable
APT prefers testing
APT policy: (500, 'testing')
Architecture: i386 (i686)
Shell: /bin/sh linked to /bin/bash
Kernel: Linux 2.6.15-1-686
Locale: LANG=en_US, LC_CTYPE=en_US (charmap=ISO-8859-1)
Versions of packages sfs-client depends on:
ii libc6 2.3.6.ds1-4 GNU C Library: Shared libraries
ii libgcc1 1:4.1.1-11 GCC support library
ii libgmp3c2 2:4.2.1+dfsg-4 Multiprecision arithmetic library
ii libsfs0c2 1:0.8-0+pre20060720.1-1 Self-Certifying File System shared
ii libstdc++6 4.1.1-11 The GNU Standard C++ Library v3
ii python 2.4.3-11 An interactive high-level object-o
ii sfs-common 1:0.8-0+pre20060720.1-1 Self-Certifying File System common
sfs-client recommends no packages.
-- no debconf information
--- End Message ---
--- Begin Message ---
Version: 1:0.8-0+pre20060720.1-1.1+rm
The sfs package has been removed from Debian testing, unstable and
experimental, so I am now closing the bugs that were still opened
against it.
For more information about this package's removal, read
http://bugs.debian.org/507036 . That bug might give the reasons why
this package was removed, and suggestions of possible replacements.
Don't hesitate to reply to this mail if you have any question.
Thank you for your contribution to Debian.
Kind regards,
--
Marco Rodrigues
--- End Message ---
