Bug 174050 - pam_listfile should look at symlink target not symlink itself
Status: CLOSED UPSTREAM
Alias: None
Product: Fedora
Classification: Fedora
Component: pam
Version: rawhide
Hardware: i386
OS: Linux
Priority: medium
Severity: medium
Target Milestone: ---
Assignee: Tomas Mraz
Reported: 2005-11-24 01:20 UTC by JW
Modified: 2008-01-28 15:05 UTC

Doc Type: Bug Fix
Last Closed: 2008-01-28 15:05:44 UTC


Attachments
pam_listfile changed to look at target file rather than system-flexibility-enhancing symlink which isn't any possible security hazard anyhow (902 bytes, patch)
2005-11-24 01:21 UTC, JW

Description JW 2005-11-24 01:20:29 UTC
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (compatible; MSIE 6.0; Windows; U; AIIEEEE!; Win98; Windows 98; en-US; Gecko masquerading as IE; should it matter?; rv:1.8b) Gecko/20050217

Description of problem:
pam_listfile refuses to work with symbolic links.


Version-Release number of selected component (if applicable):
pam-0.79-9.6

How reproducible:
Always

Steps to Reproduce:
1. ln -s /somewhere/ftpusers /etc/vsftpd/ftpusers
2. ftp

Actual Results:  access denied


Expected Results:  normal ftp access should be possible


Additional info:

pam_listfile erroneously treats symbolic link as something worthy of its attention rather than what the symbolic link points to.
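
The behaviour reported above comes down to the difference between lstat() and stat() on a symlink. The following C code is an added example, not pam_listfile source and not the attached patch; `listfile_ok` and `demo` are hypothetical names, and the acceptance rule (regular file, not world-writable) and the temporary paths are assumptions made for illustration. It also shows that once the link is followed, the target's own permissions are what the check has to judge.

```c
#ifndef _XOPEN_SOURCE
#define _XOPEN_SOURCE 700   /* expose lstat, symlink, mkdtemp */
#endif
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical helper, not pam_listfile code. Assumed rule: accept only a
 * regular file that is not world-writable. follow=0 inspects the link itself
 * (lstat); follow=1 inspects its target (stat). Returns 0 if OK, else -1. */
int listfile_ok(const char *path, int follow)
{
    struct stat st;
    if ((follow ? stat(path, &st) : lstat(path, &st)) != 0)
        return -1;                  /* missing file or dangling link */
    if (!S_ISREG(st.st_mode))
        return -1;                  /* lstat on a symlink reports S_IFLNK */
    if (st.st_mode & S_IWOTH)
        return -1;                  /* anyone could edit the list */
    return 0;
}

/* Constructed scenario: <tmpdir>/ftpusers -> <tmpdir>/ftpusers.real.
 * Returns listfile_ok() for the symlink, or -2 if the setup failed. */
int demo(int follow, int world_writable)
{
    char dir[] = "/tmp/listfile-demo-XXXXXX";
    char target[64], lnk[64];
    FILE *f; int rc;
    if (!mkdtemp(dir)) return -2;
    snprintf(target, sizeof target, "%s/ftpusers.real", dir);
    snprintf(lnk, sizeof lnk, "%s/ftpusers", dir);
    if (!(f = fopen(target, "w"))) return -2;
    fputs("root\n", f); fclose(f);
    if (chmod(target, world_writable ? 0666 : 0644) != 0) return -2;
    if (symlink(target, lnk) != 0) return -2;
    rc = listfile_ok(lnk, follow);
    unlink(lnk); unlink(target); rmdir(dir);
    return rc;
}

int main(void)
{
    printf("lstat, symlink to 0644 file: %d\n", demo(0, 0));
    printf("stat,  symlink to 0644 file: %d\n", demo(1, 0));
    printf("stat,  symlink to 0666 file: %d\n", demo(1, 1));
    return 0;
}
```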

Comment 1 JW 2005-11-24 01:21:40 UTC
Created attachment 121432
pam_listfile changed to look at target file rather than system-flexibility-enhancing symlink which isn't any possible security hazard anyhow

Comment 2 Christian Iseli 2007-01-20 00:29:07 UTC
This report targets the FC3 or FC4 products, which have now been EOL'd.

Could you please check that it still applies to a current Fedora release, and
either update the target product or close it?

Thanks.

Comment 3 JW 2007-01-20 00:36:39 UTC
A patch has already been submitted.

So some lazy person who is in charge of this bug hasn't even bothered to look at
the patch. Instead they wait a few months then eradicate a perfectly good patch
with some lame 'EOL' nonsense.

When will people learn?!  Never, if they don't even try.


Comment 4 JW 2007-01-20 00:42:28 UTC
But given that this bug has already been assigned, I am not sure who gave
Christian Iseli the right to go around lamely setting NEEDINFO on bugs.

Whoever decided that FC4 should be EOL'd should first port all open bugs to the
latest release.  How can something that is still very much alive be EOL'd?


Comment 5 Tomas Mraz 2007-01-21 21:29:21 UTC
Well, this kind of bug, or rather (mis?)feature, would be better resolved
upstream first.
For PAM: http://sourceforge.net/projects/pam


Comment 6 JW 2007-01-21 23:18:07 UTC
Imagine you bought a Toyota car and when it developed a problem with a component
you were told "The problem with nut working loose is best resolved by contacting
Ko-shing Nut Company".

If I was procuring 1000's of programs and a kernel as separate parts that I
assembled myself then your suggestion would make sense.

However I have procured one product, Fedora Linux, and I have reported a bug to
the vendor.  It is up to the vendor to do something about it.  It doesn't make
sense for the vendor to say "Go away; nothing to do with us; have a nice day".


Comment 7 Tomas Mraz 2007-01-22 12:36:08 UTC
Yes of course, on the other hand Fedora is a community developed distribution
which you've got for free and there is nothing wrong with politely asking you to
help a little with developing it if just by reporting a misfeature of a
component to proper upstream.

Thanks.


Comment 8 JW 2007-01-22 12:45:58 UTC
I never got it for free.  I had to pay with the stress of installing it, the
additional stress of fixing bugs that have propagated from version to version
(because nobody seems to fix them - current instance included), and the
additional stress of having to contemplate the philosophical question "... if it
is so good then why doesn't it cost even one single dollar?"


