This one time, at band camp, Christian Perrier said: > Quoting Frans Pop ([EMAIL PROTECTED]): > > On Wednesday 21 June 2006 22:26, you wrote: > > > However, I think the issue is not present in the 4.0.16 versions > > > (according to my tests and according to the code). > > > > > > Can somebody else confirm? > > > > Confirmed. If I do a new install of unstable, the mail spool dir is clean. > > > So, this is probably because there were some differences in the patch > we temporarily applied in Debian to cover the security issue > supposedly fixed by 4.0.15-10 and the one that was really applied by > Tomasz in 4.0.16. > > Hence, closing the bug with "Version: 4.0.16-1" seems fair. > > 4.0.16-2 is now in testing anyway.
[EMAIL PROTECTED]:~/source/shadow-4.0.16$ head -n 1 debian/changelog
shadow (1:4.0.16-2) unstable; urgency=low
[EMAIL PROTECTED]:~/source/shadow-4.0.16$ grep -B 17 fchown src/useradd.c
fd = open (file, O_CREAT | O_WRONLY | O_TRUNC | O_EXCL, 0);
if (fd < 0) {
perror (_("Creating mailbox file"));
return;
gr = getgrnam ("mail");
if (!gr) {
fprintf (stderr,
_
("Group 'mail' not found. Creating the
user mailbox file with 0600 mode.\n"));
gid = user_gid;
mode = 0600;
} else {
gid = gr->gr_gid;
mode = 0660;
}
if (fchown (fd, user_id, gid) || fchmod (fd, mode))
The bug is present in 1:4.0.16-2. Unless I'm missing something?
--
-----------------------------------------------------------------
| ,''`. Stephen Gran |
| : :' : [EMAIL PROTECTED] |
| `. `' Debian user, admin, and developer |
| `- http://www.debian.org |
-----------------------------------------------------------------
signature.asc
Description: Digital signature
