Bug 617640
Summary: Warning on install: user mockbuild does not exist

| Field | Value | Field | Value |
|---|---|---|---|
| Product: | [Fedora] Fedora | Reporter: | Christopher Beland <beland> |
| Component: | xorg-x11-xinit | Assignee: | X/OpenGL Maintenance List <xgl-maint> |
| Status: | CLOSED ERRATA | QA Contact: | Fedora Extras Quality Assurance <extras-qa> |
| Severity: | urgent | Priority: | high |
| Version: | 12 | CC: | cebbert, chkr, djh, dominik, ffesti, james.antill, jpazdziora, mattdm, maxamillion, m.a.young, mcepl, pmatilai, rc040203, tim.lauridsen, xgl-maint |
| Hardware: | All | OS: | Linux |
| Fixed In Version: | xorg-x11-xinit-1.0.9-18.fc12 | Doc Type: | Bug Fix |
| Last Closed: | 2010-09-01 03:28:14 UTC | | |

Description
Christopher Beland
2010-07-23 15:41:37 UTC
Moving to yum component, but I doubt there is some real issue here. Is there something broken or is it just that these warnings are confusing?

If nothing is broken, there should be no warnings or errors.

Something in that package is owned by the user mockbuild. That user doesn't exist on your system so rpm can't chown the files to it. Hence the warning. So:

1. The message is coming from rpm (rpm-lib).
2. This is a problem in the package.

(In reply to comment #2)
> If nothing is broken, there should be no warnings or errors.

I am sorry, bad wording of my question, I meant whether you can observe some other problem with this package, or is it only warnings happening?

I am seeing this as well. What it means is that the files (/usr/bin/ck-xinit-session /usr/bin/startx /usr/bin/xinit) have been packaged as owned by mockbuild, which is wrong - see rpm -qlv xorg-x11-xinit or rpm -qlvp xorg-x11-xinit-1.0.9-16.fc12.i386.rpm. In xorg-x11-xinit-1.0.9-14.fc12.i386.rpm the files were packaged to be owned by root, which is more sensible. What that means is that if there isn't a mockbuild user on the system installing the package, then the system installs the files as owned by root, so the only problem is the annoying warnings. If however there is a mockbuild user, then the files will be owned by that user, which means that that user can do evil things to those files, so it is a security risk.

As a side effect, the installed package doesn't pass rpm -V:

    $ rpm -V xorg-x11-xinit
    .....U... /usr/bin/ck-xinit-session
    .....U... /usr/bin/startx
    .....U... /usr/bin/xinit
    .....U... /usr/libexec/xinit-compat

This could trip up some intrusion detection systems.

These lines in the spec file seem to be the problem:

    %attr(755,-,root) %{_bindir}/startx
    %attr(755,-,root) %{_bindir}/xinit
    %attr(755,-,root) %{_bindir}/ck-xinit-session
    %attr(755,-,root) %{_libexecdir}/xinit-compat

Here you didn't set the owner, so rpm used the current user (mockbuild under mock) instead. Please replace '-' with 'root' above and all will be well.

Matěj, the .spec is clearly wrong, as pointed out in comment 6. Clearing the needinfo. Or is any other info needed?

Note that at least bug 623702 and bug 623912 seem to be talking about the same issue, so people notice this and we might want to bump up the priority of this bugzilla and get a new package respun.

*** Bug 623702 has been marked as a duplicate of this bug. ***

*** Bug 623912 has been marked as a duplicate of this bug. ***

Wrong file ownership can lead to serious security issues, and this is a minor change. I'm a little disturbed that the packager doesn't understand the issue here.

Still unfixed, setting Security keyword in order to draw more attention.

xorg-x11-xinit-1.0.9-18.fc12 has been submitted as an update for Fedora 12.
https://admin.fedoraproject.org/updates/xorg-x11-xinit-1.0.9-18.fc12

xorg-x11-xinit-1.0.9-18.fc13 has been submitted as an update for Fedora 13.
https://admin.fedoraproject.org/updates/xorg-x11-xinit-1.0.9-18.fc13

xorg-x11-xinit-1.0.9-18.fc14 has been submitted as an update for Fedora 14.
https://admin.fedoraproject.org/updates/xorg-x11-xinit-1.0.9-18.fc14

(In reply to comment #11)
> Still unfixed, setting Security keyword in order to draw more attention.

Please, don't do it ... catch me on #fedora-bugzappers, send me a personal email, or something, but please don't misuse the Security keyword for pinging me (although this might theoretically be security related).

xorg-x11-xinit-1.0.9-18.fc13 has been pushed to the Fedora 13 testing repository. If problems still persist, please make note of it in this bug report. If you want to test the update, you can install it with su -c 'yum --enablerepo=updates-testing update xorg-x11-xinit'. You can provide feedback for this update here: https://admin.fedoraproject.org/updates/xorg-x11-xinit-1.0.9-18.fc13

xorg-x11-xinit-1.0.9-18.fc13 has been pushed to the Fedora 13 stable repository. If problems still persist, please make note of it in this bug report.

xorg-x11-xinit-1.0.9-18.fc14 has been pushed to the Fedora 14 stable repository. If problems still persist, please make note of it in this bug report.

xorg-x11-xinit-1.0.9-18.fc12 has been pushed to the Fedora 12 stable repository. If problems still persist, please make note of it in this bug report.
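
Two checks for the ownership problem discussed in this report, as an added example that is not part of the original bug thread: one audits the owner and group recorded in a built package before it ships, the other picks ownership mismatches out of `rpm -V` output on an installed system. The function names and the sample data are constructed for illustration; the query format tags in the comment are standard rpm tags.

```shell
#!/bin/sh
# Added example; function names and sample data are constructed.

# Report files whose packaged owner or group is outside an allowlist.
# stdin: "USER GROUP PATH" per line, e.g. from
#   rpm -qp --qf '[%{FILEUSERNAME} %{FILEGROUPNAME} %{FILENAMES}\n]' pkg.rpm
# $1: space-separated allowlist of account names (default: root).
audit_owners() {
    awk -v allowed="${1:-root}" '
        BEGIN { n = split(allowed, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        NF >= 3 {
            path = $0; sub(/^[^ ]+ +[^ ]+ +/, "", path)  # keeps spaces in paths
            if (!($1 in ok)) print "owner=" $1 " " path
            if (!($2 in ok)) print "group=" $2 " " path
        }'
}

# Report installed files whose owner (U) or group (G) differs from the RPM
# database. stdin: `rpm -V` output; U is flag column 6, G is flag column 7.
ownership_drift() {
    awk '$1 ~ /^[.?A-Z0-9]+$/ && length($1) >= 7 {
            u = substr($1, 6, 1); g = substr($1, 7, 1)
            if (u != "U" && g != "G") next
            path = $0; sub(/^[^ ]+ +([a-z] +)?/, "", path)  # drop flags and c/d/g/l/r marker
            flags = (u == "U" ? "U" : "-") (g == "G" ? "G" : "-")
            print flags " " path
        }'
}

# Constructed package listing modelled on the report: three binaries owned by
# the build account, one file correctly owned by root.
sample_listing() {
    printf '%s\n' \
        'mockbuild root /usr/bin/ck-xinit-session' \
        'mockbuild root /usr/bin/startx' \
        'mockbuild root /usr/bin/xinit' \
        'root root /etc/X11/xinit/xinitrc'
}

# Constructed `rpm -V` output: two ownership mismatches, one edited config file.
sample_verify() {
    printf '%s\n' \
        '.....U...    /usr/bin/startx' \
        '.....U...    /usr/bin/xinit' \
        'S.5....T.  c /etc/X11/xinit/xinitrc'
}

sample_listing | audit_owners root
sample_verify | ownership_drift
```

Run against a freshly built package, a non-empty result from `audit_owners` is a reason to hold the build before it reaches a repository.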