On Wed, May 14, 2008 at 09:33:36PM +0200, Matthias Klose wrote:
> Package: libuuid1
> Version: 1.40.8-2
> Severity: serious
>
> from the postinst:
> > if ! grep -q libuuid /etc/passwd; then
>
> directly grepping /etc/passwd looks suspicious.
OK, but why is this a "serious" bug? Grepping /etc/passwd isn't a
violation of policy....
Using getent instead of grepping /etc/passwd would suppress adding a
local group if libuuid were defined in Yellow Pages, I suppose. But
having an extra entry in /etc/passwd is hardly the end of the world.
> why isn't the call to groupadd guarded as well?
If the user id already exists in /etc/passwd, useradd will exit with
an error, causing the post-install script to fail.
Groupadd doesn't fail with an error if the group already exists.
Hence, it was not necessary to guard the call to groupadd.
- Ted
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
