[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: debhelper & /usr/bin/passwd



Ossama Othman wrote:
> Hi Mitch,
> 
> > Could you please post the version(s) you have and which mirror you
> > got it from?
> 
> Sure!  chsh and chfn were also in debhelper!  I got debhelper using
> dselect/apt.  Here is all the info you requested:
> 
> % cat /etc/apt/sources.list
> deb http://http.us.debian.org/debian unstable main contrib non-free
> deb http://non-us.debian.org/debian-non-US unstable non-US
> 
> % dpkg -l debhelper
> ii  debhelper       1.2.28         helper programs for debian/rules
> 
> % dpkg --listfiles debhelper | grep /usr/bin/
> /usr/bin/dh_builddeb
> /usr/bin/dh_clean
> /usr/bin/dh_compress
> /usr/bin/dh_du
> /usr/bin/dh_fixperms
> /usr/bin/dh_gencontrol
> /usr/bin/dh_installchangelogs
> /usr/bin/dh_installcron
> /usr/bin/dh_installdeb
> /usr/bin/dh_installdebfiles
> /usr/bin/dh_installdirs
> /usr/bin/dh_installdocs
> /usr/bin/dh_installexamples
> /usr/bin/dh_installinit
> /usr/bin/dh_installmanpages
> /usr/bin/dh_installmenu
> /usr/bin/dh_makeshlibs
> /usr/bin/dh_md5sums
> /usr/bin/dh_movefiles
> /usr/bin/dh_shlibdeps
> /usr/bin/dh_strip
> /usr/bin/dh_suidregister
> /usr/bin/dh_testdir
> /usr/bin/dh_testroot
> /usr/bin/dh_testversion
> /usr/bin/dh_undocumented
> /usr/bin/dh_debstd
> /usr/bin/dh_installemacsen
> /usr/bin/dh_installwm
> /usr/bin/dh_link
> /usr/bin/dh_listpackages
> /usr/bin/passwd
> /usr/bin/chsh
> /usr/bin/chfn
> 
> Okay, I think we can be pretty sure the last three entries don't belong
> there.  What do you think is the problem?

Well, I got the deb and source and dsc from the mirror you pointed out,
and it _does_ have these files as symlinks in them pointing to
sysdb-wrapper.

It doesn't look like a trojan (this weeks hot topic) because his pgp sig
matches the md5sum of the tarfile, and the tarfile reproduces the symlinks
in the resulting deb.

So, I would just treat it as a bug.  Please file a critical bug report
against this package, or let me know if you don't and I will file it.

I would downgrade your debhelper to 1.2.27 and reinstall the passwd
package.  Thanks for finding this bug.

-Mitch

Attachment: pgpehNHoF1Jik.pgp
Description: PGP signature


Reply to: