Your message dated Tue, 27 Jan 2009 20:01:58 GMT
with message-id <[email protected]>
and subject line slocate has been removed from Debian, closing #282355
has caused the Debian Bug report #282355,
regarding slocate has been installed with a wrong group (conflict with NIS)
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
282355: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=282355
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: slocate
Version: 2.7-4
Severity: grave
Justification: user security hole
The slocate package has been installed with a wrong group, apparently
due to a conflict with NIS:
dixsept:~# ls -l /usr/bin/slocate /var/lib/slocate/slocate.db
-rwxr-sr-x 1 root fax 27064 Sep 14 07:48 /usr/bin/slocate
-rw-r----- 1 root fax 2217900 Nov 21 16:51 /var/lib/slocate/slocate.db
dixsept:~# grep fax /etc/group
fax:x:21:
dixsept:~# ypmatch slocate group
slocate:*:21:root # pour linux
dixsept:~# grep ^group: /etc/nsswitch.conf
group: files nis
It seems that the slocate installation script thought that the slocate
group already existed since it is a NIS group. But the corresponding
gid is already used in /etc/group (Debian doesn't seem to have a way
to avoid that). The consequence is that potential users added to group
fax will be able to read private data from the slocate database.
Moreover slocate can't be completely removed:
[...]
Removing group `slocate'...
groupdel: error removing group entry
groupdel: error removing shadow group entry
/usr/sbin/delgroup: `/usr/sbin/groupdel slocate' returned error code 10.
Aborting.
dpkg: error processing slocate (--remove):
subprocess post-removal script returned error exit status 10
chown: cannot access `/usr/bin/slocate': No such file or directory
dpkg: error while cleaning up:
subprocess post-installation script returned error exit status 1
Errors were encountered while processing:
slocate
E: Sub-process /usr/bin/dpkg returned an error code (1)
-- System Information:
Debian Release: 3.1
APT prefers unstable
APT policy: (500, 'unstable')
Architecture: i386 (i686)
Kernel: Linux 2.6.8
Locale: LANG=POSIX, LC_CTYPE=en_US.ISO8859-1 (charmap=ISO-8859-1)
Versions of packages slocate depends on:
ii adduser 3.59 Add and remove users and groups
ii dpkg 1.10.25 Package maintenance system for Deb
ii libc6 2.3.2.ds1-18 GNU C Library: Shared libraries an
-- no debconf information
--- End Message ---
--- Begin Message ---
Version: 3.1-1.1+rm
The slocate package has been removed from Debian testing, unstable and
experimental, so I am now closing the bugs that were still opened
against it.
For more information about this package's removal, read
http://bugs.debian.org/457565 . That bug might give the reasons why
this package was removed, and suggestions of possible replacements.
Don't hesitate to reply to this mail if you have any question.
Thank you for your contribution to Debian.
Kind regards,
--
Marco Rodrigues
--- End Message ---
