Re: release critical bugs, 51451 (premissions tempfile, ld.so.conf)
On Sun, Dec 12, 1999 at 05:05:55PM +0100, joost witteveen wrote:
> > Package: xaw95g, xaw95, xaw3dg, xaw3d, nextawg, nextaw, libc5, lam2
>
> Does this syntax work? I don't see this bug for libc5, nor did I
> get it for xaw3d*. I only got it for xaw95g.
I was told it would. If not, I need to spread it around :)
> > Severity: important
>
> Are you sure? It only creates problems when root has
> rather strange umask settings.
Root having a umask to prevent all+read is not uncommon. Either way, the
scripts should prevent it from occuring.
> > These programs were found make use of the `tempfile' program while
> > updating ld.so.conf.
> >
> > The problem with this, is that tempfile creates the file using the current
> > umask. So if root installs these packages with a umask of '077', or
> > something similar, then ld.so.conf will end up not being mod 644. This
> > leads to all sorts of problems WRT resolving library dependencies.
> >
> > Please chmod ld.so.conf to mode 644 after replacing the file so as to
> > avoid this.
>
> OK, but I assume I need to do that in 4 packages. And I'm low
> on time for this type of `release critical' bugs (that probably also
> were present in slink). If anyone wants to NMU my packages
> (xaw95*, xaw3d*), then they are welcome.
This "type" of release critical bug has been happening for awhile. Just no
one was able to nail down the origin of the problem. The fact that they
were present before does not lesson the severity of the problem. It causes
systems to become completely unusable, while the actual problem is not
readily apparent.
--
-----------=======-=-======-=========-----------=====------------=-=------
/ Ben Collins -- ...on that fantastic voyage... -- Debian GNU/Linux \
` bcollins@debian.org - collinbm@djj.state.va.us - bmc@visi.net '
`---=========------=======-------------=-=-----=-===-======-------=--=---'
Reply to: