[2097] in linux-security and linux-alert archive
[linux-security] Re: interactions between OPIE-ftpd and RH5.2
daemon@ATHENA.MIT.EDU (Tony Nugent)
Sat Dec 5 03:31:12 1998
To: linux-security@redhat.com
In-Reply-To: message-id <19981204091619.A26417@baz.org>
of Fri, Dec 04 09:16:19 1998
Date: Sat, 05 Dec 1998 12:10:52 +1000
From: Tony Nugent <Tony.Nugent@usq.edu.au>
Resent-From: linux-security@redhat.com
Resent-Reply-To: linux-security@redhat.com
On Fri Dec 04 1998 at 09:16, Truckstop Psychic wrote:
> > Any change to /etc/shells after the upgrade?
> As it turns out... Yes.
> Discovered this last night, and should have caught it sooner -- it's a
> pretty distinct error condition.
> Now, why a package upgrade would change /etc/shells and *not* leave a
> distinct .rpmsave file behind it, I'm not certain -- but that's more a
> problem/misunderstanding with rpm than an honest to pete security issue,
> I'm guessing.
/etc/shells can be very tricky as so many "unlikely" programs use it - ftpd
is a classic example... we were having all sort of hassles with it until,
of all things, /etc/shells was tweaked to reflect the "non-standard"
location of the login shells of users on a box yp'ing and nfs'ing off a
server.
If this is happening with the OPIE-ftpd package (I don't know it myself),
then it is an rpm package problem and the person who maintains this package
should be told about this.
There is a way in the %files section of the .spec file to specify files
that should be .rpmsave'd -- from (my rusty) memory, I think they should
be specified as %config files - I don't have my copy of MaximumRPM with me
at the moment.
Cheers
Tony
--
----------------------------------------------------------------------
Please refer to the information about this list as well as general
information about Linux security at http://www.aoy.com/Linux/Security.
----------------------------------------------------------------------
To unsubscribe:
mail -s unsubscribe linux-security-request@redhat.com < /dev/null
