Red Hat Bugzilla – Bug 174050
pam_listfile should look at symlink target not symlink itself
Last modified: 2008-01-28 10:05:44 EST
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (compatible; MSIE 6.0; Windows; U; AIIEEEE!; Win98; Windows 98; en-US; Gecko masquerading as IE; should it matter?; rv:1.8b) Gecko/20050217
Description of problem:
pam_listfile refuses to work with symbolic links.
Version-Release number of selected component (if applicable):
Steps to Reproduce:
1.ln -s /somewhere/ftpusers /etc/vsftpd/ftpusers
Actual Results: access denied
Expected Results: normal ftp access should be possible
pam_listfile erroneously treats symbolic link as something worthy of its attention rather than what the symbolic link points to.
Created attachment 121432 [details]
pam_listfile changed to look at target file rather than system-flexibility-enhancing symlink which isn't any possible security hazard anyhow
This report targets the FC3 or FC4 products, which have now been EOL'd.
Could you please check that it still applies to a current Fedora release, and
either update the target product or close it ?
A patch has already been submitted.
So some lazy person who is in charge of this bug hasn't even bothered to look at
the patch. Instead they wait a few months then eradicate a perfectly good patch
with some lame 'EOL' nonsense.
When will people learn?! Never, if they don't even try.
But given that this bug has already been assigned, I am not sure who gave
Christian Iseli the right to go around lamely setting NEEDINFO on bugs.
Whoever decided that FC4 should be EOL'd should first port all open bugs to the
latest release. How can something that is still very much alive be EOL'd?
Well this kind of bugs or rather (mis?)features would be better resolved
For PAM: http://sourceforge.net/projects/pam
Imaging you bought a Toyota car and when it developed a problem with a component
you were told "The problem with nut working lose is best resolved by contacting
Ko-shing Nut Company".
If I was procuring 1000's programs and a kernel as separate parts that I
assembled myself then your suggestion would make sense.
However I have procured one product, Fedora Linux, and I have reported a bug to
the vendor. It is up to the vendor to do something about it. It doesn't make
sense for the vendor to say "Go away; nothing to do with us; have a nice day".
Yes of course, on the other hand Fedora is a community developed distribution
which you've got for free and there is nothing wrong with politely asking you to
help a little with developing it if just by reporting a misfeature of a
component to proper upstream.
I never got it for free. I had to pay with the stress of installing it, the
additional stress of fixing bugs that have propagated from version to version
(because nobody seems to fix them - current instance included), and the
additional stress of having contemplate the philosophical question "... if it
is so good then why doesn't it cost even one single dollar?"