[Logcheck-devel] Bug#392637: logcheck: unsafe code for /etc/aliases handling in postrm

Henrique de Moraes Holschuh hmh at debian.org
Thu Oct 12 16:52:46 UTC 2006


Package: logcheck
Version: 1.2.47
Severity: important

While adding /etc/aliases handling code to amavisd-new myself, I noticed
that logcheck has code that doesn't look very safe.

First, it does the wrong thing if a symlink is in use.

Second, it runs on remove, when it probably should run on purge, only.

Here's the code I am using in amavisd-new (note that this is NOT a patch
for logcheck :p ):


--- debian/amavisd-new.postinst	9 Jun 2006 03:42:01 -0000	1.17
+++ debian/amavisd-new.postinst	12 Oct 2006 16:33:06 -0000
@@ -95,6 +95,17 @@
 		chown -R --preserve-root --quiet ${mode} "$i"
 	done
 
+	# add amavis: root entry to aliases, if none exist
+	if [ -f /etc/aliases ] || [ -L /etc/aliases ]; then
+		if ! grep -qi "^amavis[[:blank:]]*:" /etc/aliases; then
+			echo "amavis: root" >> /etc/aliases
+			newaliases=$(which newaliases)
+			if [ "$newaliases" ] && [ -x "$newaliases" ]; then
+				newaliases || true
+			fi
+		fi
+	fi
+
 	#
 	# Conffile upgrade handling
 	#
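Review bot: The append at `echo "amavis: root" >> /etc/aliases` assumes the file already ends with a newline; if the last line is unterminated, the new entry is joined onto it and both aliases are corrupted. Check the final byte (or emit a leading newline when needed) before appending. Separately, `newaliases=$(which newaliases)` returns non-zero when the command is absent, which would abort the script if it runs under `set -e` (not visible in this hunk); `newaliases=$(command -v newaliases || true)` avoids that. Nothing here records that the package itself created the entry, so the removal side cannot later distinguish it from one the administrator wrote.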

--- debian/amavisd-new.postrm	17 Apr 2006 12:57:55 -0000	1.9
+++ debian/amavisd-new.postrm	12 Oct 2006 16:33:06 -0000
@@ -26,6 +26,20 @@
 		db_purge || true
 		db_stop || true
 	}
+
+	# remove amavis from /etc/aliases
+	# base code stolen from logcheck package
+	if [ -f /etc/aliases ] || [ -L /etc/aliases ]; then
+		TMPFILE=$(mktemp) && {
+			grep -v "^amavis[[:blank:]]*:" /etc/aliases > "${TMPFILE}" && \
+				cat "${TMPFILE}" > /etc/aliases && \
+				rm -rf "${TMPFILE}"
+			newaliases=$(which newaliases)
+			if [ $newaliases ] && [ -x $newaliases ]; then
+				newaliases || true
+			fi
+		}
+	fi
  
 	for i in /var/lib/amavis /var/lib/amavis/db /var/lib/amavis/tmp \
 		 /var/lib/amavis/virusmails /var/run/amavis
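Review bot: The `&&` chain starting at `grep -v "^amavis[[:blank:]]*:" /etc/aliases > "${TMPFILE}"` fails in the case where the amavis line is the only content: `grep -v` exits 1 when it selects no lines, so the `cat` and the `rm` are both skipped, the alias stays in place and the temporary file is leaked. Treat exit status 1 as success (only a status above 1 is an error) and remove the temp file unconditionally, for example with a trap; `rm -f` is enough for a regular file, `-r` is not needed. `cat "${TMPFILE}" > /etc/aliases` keeps a symlink and the file's owner and mode intact, but it truncates the live file before rewriting it, so an interruption or a full disk at that point leaves a partial /etc/aliases; a comment stating that trade-off would help. The test `[ $newaliases ] && [ -x $newaliases ]` is unquoted, unlike the postinst version; quote both expansions. The match is case-sensitive here but `grep -qi` in postinst, and the removal deletes any amavis alias, including one the administrator set up before installation. The hunk context does not show which postrm action this runs under, so confirm it is reached on purge only.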

-- System Information:
Debian Release: testing/unstable
  APT prefers unstable
  APT policy: (990, 'unstable')
Architecture: i386 (i686)
Shell:  /bin/sh linked to /bin/bash
Kernel: Linux 2.6.16.29-debian13+bluesmoke+lm85
Locale: LANG=pt_BR.ISO-8859-1, LC_CTYPE=pt_BR.ISO-8859-1 (charmap=ISO-8859-1)

Versions of packages logcheck depends on:
ii  adduser                      3.97        Add and remove users and groups
ii  cron                         3.0pl1-97   management of regular background p
ii  debconf [debconf-2.0]        1.5.5       Debian configuration management sy
ii  grep                         2.5.1.ds2-5 GNU grep, egrep and fgrep
ii  lockfile-progs               0.1.10      Programs for locking and unlocking
ii  logtail                      1.2.47      Print log file lines that have not
ii  mailutils [mailx]            1:1.0-1     GNU mailutils utilities for handli
ii  postfix [mail-transport-agen 2.3.3-2     A high-performance mail transport 
ii  sysklogd [system-log-daemon] 1.4.1-20    System Logging Daemon

Versions of packages logcheck recommends:
ii  logcheck-database             1.2.47     database of system log rules for t

-- debconf information excluded

-- 
  "One disk to rule them all, One disk to find them. One disk to bring
  them all and in the darkness grind them. In the Land of Redmond
  where the shadows lie." -- The Silicon Valley Tarot
  Henrique Holschuh




