On Wed, May 14, 2008 at 09:33:36PM +0200, Matthias Klose wrote: > Package: libuuid1 > Version: 1.40.8-2 > Severity: serious > > from the postinst: > > if ! grep -q libuuid /etc/passwd; then > > directly grepping /etc/passwd looks suspicious.
OK, but why is this a "serious" bug? Grepping /etc/passwd isn't a violation of policy.... Using getent instead of grepping /etc/passwd would suppress adding a local group if libuuid were defined in Yellow Pages, I suppose. But having an extra entry in /etc/passwd is hardly the end of the world. > why isn't the call to groupadd guarded as well? If the user id already exists in /etc/passwd, useradd will exit with an error, causing the post-install script to fail. Groupadd doesn't fail with an error if the group already exists. Hence, it was not necessary to guard the call to groupadd. - Ted -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]