Henrique de Moraes Holschuh
2006-Oct-12 16:52 UTC
[Logcheck-devel] Bug#392637: logcheck: unsafe code for /etc/aliases handling in postrm
Package: logcheck
Version: 1.2.47
Severity: important
While adding /etc/aliases handling code to amavisd-new myself, I noticed
that logcheck has code that doesn't look very safe.
First, it does the wrong thing if a symlink is in use.
Second, it runs on remove, when it probably should run on purge, only.
Here's the code I am using in amavisd-new (note that this is NOT a patch
for logcheck :p ):
--- debian/amavisd-new.postinst 9 Jun 2006 03:42:01 -0000 1.17
+++ debian/amavisd-new.postinst 12 Oct 2006 16:33:06 -0000
@@ -95,6 +95,17 @@
chown -R --preserve-root --quiet ${mode} "$i"
done
+ # add amavis: root entry to aliases, if none exist
+ if [ -f /etc/aliases ] || [ -L /etc/aliases ]; then
+ if ! grep -qi "^amavis[[:blank:]]*:" /etc/aliases; then
+ echo "amavis: root" >> /etc/aliases
+ newaliases=$(which newaliases)
+ if [ "$newaliases" ] && [ -x "$newaliases" ];
then
+ newaliases || true
+ fi
+ fi
+ fi
+
#
# Conffile upgrade handling
#
--- debian/amavisd-new.postrm 17 Apr 2006 12:57:55 -0000 1.9
+++ debian/amavisd-new.postrm 12 Oct 2006 16:33:06 -0000
@@ -26,6 +26,20 @@
db_purge || true
db_stop || true
}
+
+ # remove amavis from /etc/aliases
+ # base code stolen from logcheck package
+ if [ -f /etc/aliases ] || [ -L /etc/aliases ]; then
+ TMPFILE=$(mktemp) && {
+ grep -v "^amavis[[:blank:]]*:" /etc/aliases >
"${TMPFILE}" && \
+ cat "${TMPFILE}" > /etc/aliases && \
+ rm -rf "${TMPFILE}"
+ newaliases=$(which newaliases)
+ if [ $newaliases ] && [ -x $newaliases ]; then
+ newaliases || true
+ fi
+ }
+ fi
for i in /var/lib/amavis /var/lib/amavis/db /var/lib/amavis/tmp \
/var/lib/amavis/virusmails /var/run/amavis
-- System Information:
Debian Release: testing/unstable
APT prefers unstable
APT policy: (990, 'unstable')
Architecture: i386 (i686)
Shell: /bin/sh linked to /bin/bash
Kernel: Linux 2.6.16.29-debian13+bluesmoke+lm85
Locale: LANG=pt_BR.ISO-8859-1, LC_CTYPE=pt_BR.ISO-8859-1 (charmap=ISO-8859-1)
Versions of packages logcheck depends on:
ii adduser 3.97 Add and remove users and groups
ii cron 3.0pl1-97 management of regular background p
ii debconf [debconf-2.0] 1.5.5 Debian configuration management sy
ii grep 2.5.1.ds2-5 GNU grep, egrep and fgrep
ii lockfile-progs 0.1.10 Programs for locking and unlocking
ii logtail 1.2.47 Print log file lines that have not
ii mailutils [mailx] 1:1.0-1 GNU mailutils utilities for handli
ii postfix [mail-transport-agen 2.3.3-2 A high-performance mail transport
ii sysklogd [system-log-daemon] 1.4.1-20 System Logging Daemon
Versions of packages logcheck recommends:
ii logcheck-database 1.2.47 database of system log rules for t
-- debconf information excluded
--
"One disk to rule them all, One disk to find them. One disk to bring
them all and in the darkness grind them. In the Land of Redmond
where the shadows lie." -- The Silicon Valley Tarot
Henrique Holschuh