First Last Prev Next    No search results available      Search page      Enter new bug
Bug#: 58315
Alias:
Product:
Component:
Status: RESOLVED
Resolution: FIXED
Assigned To: Daniel Black <dragonheart@gentoo.org>
Hardware:
OS:
Version:
Priority:
Severity:
Reporter: Antonio <netbix@tiscali.it>
Add CC:
CC:
URL:
Summary:
Status Whiteboard:
Keywords:

Filename Description Type Creator Created Size Actions
Create a New Attachment (proposed patch, testcase, etc.) View All

Bug 58315 depends on: Show dependency tree
Show dependency graph
Bug 58315 blocks:
Votes: 0    Show votes for this bug    Vote for this bug

Additional Comments: (this is where you put emerge --info)







View Bug Activity   |   Format For Printing   |   XML   |   Clone This Bug

Description:   Opened: 2004-07-25 10:00 0000 
Ebuild of wwwoffle-2.8b is bad:

.....
....
....
# keep spool
keepdir /var/spool/wwwoffle/{http,outgoing,monitor,lasttime,prevtime1,lastout,local}  <-------- This is error !!!
.....
......
......

correct is:

# keep spool
keepdir /var/spool/wwwoffle/{http,outgoing,monitor,lasttime,prevtime[1-9],prevout[1-9]lastout,lastout,local}

Reproducible: Always
Steps to Reproduce:
1.
2.
3.

------- Comment #1 From Antonio 2004-07-25 10:08:00 0000 ------- 
Sorry, this is real correct:

.....
....
....
# keep spool
keepdir /var/spool/wwwoffle/{http,outgoing,monitor,lasttime,prevtime1,lastout,local}  <-------- This is error !!!
.....
......
......
chown -R wwwoffle:wwwoffle \      ${D}/var/spool/wwwoffle/{http,outgoing,monitor,lasttime,prevtime[1-9],prevout[1-9]lastout,local} \
........
.......
....

correct is:

# keep spool
keepdir /var/spool/wwwoffle/{http,outgoing,monitor,lasttime,prevtime[1-9],prevout[1-9],lastout,local}
......
......
.....
chown -R wwwoffle:wwwoffle \
        ${D}/var/spool/wwwoffle/{http,outgoing,monitor,lasttime,prevtime[1-9],prevout[1-9],lastout,local} \
........
..........
........

------- Comment #2 From Daniel Black 2004-07-27 06:22:20 0000 ------- 
Fixed - thanks for the bug report.

------- Comment #3 From Antonio 2004-07-27 10:26:19 0000 ------- 
I reopen the Bug for this:

The line:

......
.....
.....
einfo "wwwoffled should run as an ordinary user now. Please change run-u
id and run-gid to wwwoffle in"
einfo "your /etc/wwwoffle/wwwoffle.conf"



1) But the wwwoffle.conf is located in /etc and not in /etc/wwwoffle.

This is correct or not ?

2) The run-uid and run-gid is obligatorily to change ?

------- Comment #4 From Daniel Black 2004-07-27 18:57:55 0000 ------- 
1. - Your correct - fixed.

2.I'm going to make the ebuild change the install to use the group/user wwwoffled. This is for your own security. With wwwoffle running as root and the amount of parsing of user and web page data that is undertaken, a parse error could result in arbituary execution of code by a local user or a malicious web site. You best protection for this is to reduce the privledges under with wwwoffled is run.

If you want to change this after installation fine however I'm going to make this ebuild offer the a reasonable level of security to the default users.

Also changed in this version I use a convert config script provided by the author to update the configuration files from the previous versions. If you don't want this to happen be careful about automergeing in etc-update.

Thankyou for the help in fixing these errors.
First Last Prev Next    No search results available      Search page      Enter new bug