[Pkg-cups-devel] Bug#544137: why does cups postinst ask for root password?

[Craig Sanders]

Package: cups
Version: 1.3.11-2


apt-get dist-upgrade is running as root (of course - via "sudo su -"),
yet it asks for the root password during upgrade.

this, naturally, makes me very suspicious. there's no reason why it
should need to ask for the root password...and while it's probably just
a mistake in the postinst, it *could* be a trojan asking me to give the
plaintext root password so that it can send it to some script-kiddie.


Setting up cups (1.3.11-2) ...
Installing new version of config file /etc/init.d/cups ...

Configuration file `/etc/cups/cupsd.conf'
 ==> Modified (by you or by a script) since installation.
 ==> Package distributor has shipped an updated version.
   What would you like to do about it ?  Your options are:
    Y or I  : install the package maintainer's version
    N or O  : keep your currently-installed version
      D     : show the differences between the versions
      Z     : background this process to examine the situation
 The default action is to keep your current version.
*** cupsd.conf (Y/I/N/O/D/Z) [default=N] ?
Installing new version of config file /etc/cups/cupsd.conf.default ...
Starting Common Unix Printing System: cupsdPassword for root on taz.net.au?
cupsctl: Unauthorized
.


craig

-- 
craig sanders <cas at taz.net.au>