[Adduser-devel] Bug#430637: adduser: Incorrect mode when deluser generate archives

[Vincent Danjean]

Package: adduser
Version: 3.103
Severity: important
Tags: patch

When generating a archive (BACKUP = 1) with deluser, the perl program
set the umask to 600 (decimal number, = 01130 in octal) instead of 0600
(octal number). This lead to an archive with the permissions set to
---x-wx--T

You must change the "chmod 600" to "chmod 0600" in /usr/sbin/deluser

I set the severity to important because this can have security issues
(but I'm not sure of that)

  Best regards,
    Vincent


-- System Information:
Debian Release: lenny/sid
  APT prefers unstable
  APT policy: (990, 'unstable'), (500, 'testing'), (500, 'stable'), (1, 'experimental')
Architecture: i386 (i686)

Kernel: Linux 2.6.22-rc5-686 (SMP w/1 CPU core)
Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages adduser depends on:
ii  cdebconf [debconf-2.0]      0.116        Debian Configuration Management Sy
ii  debconf [debconf-2.0]       1.5.13       Debian configuration management sy
ii  passwd                      1:4.0.18.1-9 change and administer password and
ii  perl-base                   5.8.8-7      The Pathologically Eclectic Rubbis

adduser recommends no packages.

-- debconf information:
* adduser/homedir-permission: true