Bug 430308

Summary: libsmi spec file is missing %defattr
Product: Red Hat Enterprise Linux 4 Reporter: Ralph Angenendt <ralph+rh-bugzilla>
Component: wiresharkAssignee: Radek Vokál <rvokal>
Status: CLOSED DUPLICATE QA Contact:
Severity: medium Docs Contact:
Priority: low    
Version: 4.6CC: herrold, mattdm
Target Milestone: rc   
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2008-05-12 13:00:28 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Ralph Angenendt 2008-01-25 23:29:04 UTC 
Filing under wireshark because libsmi does not have its own component in bugzilla.

Description of problem:

The libsmi rpm tries to install it files as the build user (mockbuild in CentOS,
brewbuild in RHEL). This looks like a security problem to me if libsmi is
installed on a system where this user is available. It's a nuisance (throwing
errors) on all other systems.

Version-Release number of selected component (if applicable):

libsmi.x86_64 0:0.4.5-2

How reproducible:

Install libsmi

Steps to Reproduce:
1. Install libsmi
2.
3.
  
Actual results:

  Installing: libsmi                       ######################## 
[1/3]warning: user mockbuild does not exist - using root
warning: group mockbuild does not exist - using root
  Installing: libsmi                       ######################## 
[1/3]warning: user mockbuild does not exist - using root

Expected results:

No such warnings.

Additional info:

The spec file is missing a %defattr line which would give those files to root.
It's just a small nuisance on systems which don't have this user, but it might
be a security risc on machines where packages are built on.
Comment 1 Ralph Angenendt 2008-01-25 23:32:11 UTC 
This bug has been reported to the CentOS bug tracker
<http://bugs.centos.org/view.php?id=2624>.
Comment 2 Ville Skyttä 2008-01-26 09:09:08 UTC 
Bug 430298 contains a patch.
Comment 3 Ralph Angenendt 2008-01-27 12:40:00 UTC 
libsmi in RHEL 5 has the same problem.
Comment 4 Radek Bíba 2008-05-12 13:00:28 UTC 
Already fixed in Fastrack. The fixed package will be available in 4.7, too.

*** This bug has been marked as a duplicate of 429669 ***