Your message dated Sun, 19 Dec 2010 20:39:49 +0000
with message-id <[email protected]>
and subject line Bug#607129: fixed in vsftpd 2.3.2-7
has caused the Debian Bug report #607129,
regarding vsftpd should not use grep in checking for group and user
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
607129: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=607129
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: vsftpd
Version: 2.3.2-6
Severity: wishlist

vsftpd.postinst does
      if ! getent passwd | grep -q "^${_USERNAME}:"
and
      elif ! getent group | grep -q "^${_USERNAME}:"

the grep could potentially hit a false positive due to its interpretation
of "${_USERNAME}" as a regular expression.  For example, _USERNAME could
be "ftp.user" which would then match "ftp_user" also.

This is mostly an edge case, but a '.' is allowable in unix user names.

The other small benefit of not using grep is avoiding a fork for some
minuscule performance benefit.

Instead of the grep, let 'getent' do the match for you:
 -     if ! getent passwd | grep -q "^${_USERNAME}:"
 +     if ! getent passwd "${_USERNAME}"
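Review bot: the added `getent passwd "${_USERNAME}"` line writes the matching entry to stdout, whereas the removed `grep -q` was silent. Redirect it (`getent passwd "${_USERNAME}" >/dev/null`) so the postinst does not print the passwd line while the package is being configured.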
and 
 -     elif ! getent group | grep -q "^${_USERNAME}:
 +     elif ! getent group "${USERNAME}"
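Review bot: the added line tests `${USERNAME}`, while the removed line and the passwd hunk use `${_USERNAME}`, so as written the group check does not look up the intended name. Use `getent group "${_USERNAME}" >/dev/null` here. The removed line is also missing its closing double quote and would not match the script text as quoted.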

This was brought up under ubuntu bug 629234
(https://bugs.launchpad.net/ubuntu/+source/vsftpd/+bug/629234)

-- System Information:
Debian Release: squeeze/sid
  APT prefers natty-updates
  APT policy: (500, 'natty-updates'), (500, 'natty-security'), (500, 'natty')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.37-8-generic (SMP w/2 CPU cores)
Locale: LANG=en_US.utf8, LC_CTYPE=en_US.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash



--- End Message ---
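The false positive described in the report above, as an added example that is not part of the original bug report or of the vsftpd packaging. The account database is a constructed sample, and the names SAMPLE_DB, exists_regex, exists_exact and exists_getent are hypothetical.

```shell
#!/bin/sh
# Constructed sample account database (not real system data).
SAMPLE_DB=$(mktemp)
trap 'rm -f "$SAMPLE_DB"' EXIT
cat > "$SAMPLE_DB" <<'EOF'
root:x:0:0:root:/root:/bin/sh
ftp_user:x:1001:1001::/home/ftp_user:/bin/sh
EOF

# Pattern from the old postinst: the name is interpolated into a regular
# expression, so '.' in the name matches any single character.
exists_regex() {
    grep -q "^${1}:" "$SAMPLE_DB"
}

# Exact comparison: take the first colon-separated field and compare it as
# a fixed string (-F) against the whole line (-x).
exists_exact() {
    cut -d: -f1 "$SAMPLE_DB" | grep -Fxq -e "$1"
}

# The form proposed in the report, for a live system: getent does the key
# lookup itself. Output is discarded so only the exit status is used.
exists_getent() {
    getent passwd "$1" >/dev/null 2>&1
}

# Only ftp_user exists in the sample; ftp.user does not.
for name in ftp_user ftp.user; do
    if exists_regex "$name"; then r=present; else r=absent; fi
    if exists_exact "$name"; then e=present; else e=absent; fi
    printf '%-10s regex=%s exact=%s\n' "$name" "$r" "$e"
done
```

With the regex check, a script that acts only when the account is missing would skip that action for ftp.user even though no such account exists.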
--- Begin Message ---
Source: vsftpd
Source-Version: 2.3.2-7

We believe that the bug you reported is fixed in the latest version of
vsftpd, which is due to be installed in the Debian FTP archive:

vsftpd_2.3.2-7.debian.tar.gz
  to main/v/vsftpd/vsftpd_2.3.2-7.debian.tar.gz
vsftpd_2.3.2-7.dsc
  to main/v/vsftpd/vsftpd_2.3.2-7.dsc
vsftpd_2.3.2-7_i386.deb
  to main/v/vsftpd/vsftpd_2.3.2-7_i386.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Daniel Baumann <[email protected]> (supplier of updated vsftpd package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Sun, 19 Dec 2010 20:45:15 +0100
Source: vsftpd
Binary: vsftpd
Architecture: source i386
Version: 2.3.2-7
Distribution: experimental
Urgency: low
Maintainer: Daniel Baumann <[email protected]>
Changed-By: Daniel Baumann <[email protected]>
Description: 
 vsftpd     - lightweight, efficient FTP server written for security
Closes: 607129
Changes: 
 vsftpd (2.3.2-7) experimental; urgency=low
 .
   * Improving user checks with getent in postinst scripts, thanks to
     Scott Moser <[email protected]> (Closes: #607129).

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)

iEYEARECAAYFAk0OYigACgkQ+C5cwEsrK55/hgCfZnjQi2Lu3CYhnAJ2cL33XeCt
xjkAoNX4iRYn/fSp5Ag+gP++eYh0SS/W
=/qqk
-----END PGP SIGNATURE-----



--- End Message ---
