Bug 174050 - pam_listfile should look at symlink target not symlink itself
Status: CLOSED UPSTREAM
Product: Fedora
Classification: Fedora
Component: pam
Version: rawhide
Hardware: i386 Linux
Priority: medium, Severity: medium
Assigned To: Tomas Mraz
Reported: 2005-11-23 20:20 EST by JW
Modified: 2008-01-28 10:05 EST
Last Closed: 2008-01-28 10:05:44 EST


Attachments
pam_listfile changed to look at target file rather than system-flexibility-enhancing symlink which isn't any possible security hazard anyhow (902 bytes, patch)
2005-11-23 20:21 EST, JW
Description JW 2005-11-23 20:20:29 EST
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (compatible; MSIE 6.0; Windows; U; AIIEEEE!; Win98; Windows 98; en-US; Gecko masquerading as IE; should it matter?; rv:1.8b) Gecko/20050217

Description of problem:
pam_listfile refuses to work with symbolic links.


Version-Release number of selected component (if applicable):
pam-0.79-9.6

How reproducible:
Always

Steps to Reproduce:
1. ln -s /somewhere/ftpusers /etc/vsftpd/ftpusers
2. ftp

Actual Results:  access denied


Expected Results:  normal ftp access should be possible


Additional info:

pam_listfile erroneously treats symbolic link as something worthy of its attention rather than what the symbolic link points to.
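
The distinction this report turns on, shown as an added example (not taken from the report, its attached patch, or pam_listfile's source): a check applied to the link itself rejects any symlinked list file, while opening the path and running fstat() on the descriptor validates the file that will actually be read. The function names and the "regular file, not world-writable" policy are assumptions made for illustration.

```c
#define _DEFAULT_SOURCE 1
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Policy assumed for this example: regular file, not world-writable. */
static int mode_ok(const struct stat *st) {
    return S_ISREG(st->st_mode) && !(st->st_mode & S_IWOTH);
}

/* Examines the path itself: a symlink shows up as S_IFLNK and is rejected. */
int check_link_itself(const char *path) {
    struct stat st;
    return lstat(path, &st) == 0 && mode_ok(&st);
}

/* Follows the link, then validates the object that was actually opened.
 * fstat() on the descriptor leaves no gap between the check and the read. */
int check_opened_target(const char *path) {
    struct stat st;
    int fd = open(path, O_RDONLY | O_NONBLOCK);
    if (fd < 0) return 0;
    int ok = fstat(fd, &st) == 0 && mode_ok(&st);
    close(fd);
    return ok;
}

/* Constructed layout in a temp dir. Returns a bitmask: bit0 = link-itself
 * check passes, bit1 = target check passes for a 0644 file, bit2 = target
 * check passes after the target is made world-writable. */
int demo(void) {
    char dir[] = "/tmp/listfileXXXXXX", target[64], lnk[64];
    int r = 0, fd;
    if (!mkdtemp(dir)) return -1;
    snprintf(target, sizeof target, "%s/ftpusers.real", dir);
    snprintf(lnk, sizeof lnk, "%s/ftpusers", dir);
    fd = open(target, O_CREAT | O_WRONLY, 0644);
    if (fd < 0 || symlink(target, lnk) != 0) return -1;
    close(fd);
    r |= check_link_itself(lnk) << 0;
    r |= check_opened_target(lnk) << 1;
    chmod(target, 0666);
    r |= check_opened_target(lnk) << 2;
    unlink(lnk); unlink(target); rmdir(dir);
    return r;
}

int main(void) { printf("result mask: %d\n", demo()); return 0; }
```

Validating the target keeps the permission policy in force after the link is followed: the same symlink is accepted while its target is mode 0644 and refused once the target becomes world-writable.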
Comment 1 JW 2005-11-23 20:21:40 EST
Created attachment 121432
pam_listfile changed to look at target file rather than system-flexibility-enhancing symlink which isn't any possible security hazard anyhow
Comment 2 Christian Iseli 2007-01-19 19:29:07 EST
This report targets the FC3 or FC4 products, which have now been EOL'd.

Could you please check that it still applies to a current Fedora release, and
either update the target product or close it?

Thanks.
Comment 3 JW 2007-01-19 19:36:39 EST
A patch has already been submitted.

So some lazy person who is in charge of this bug hasn't even bothered to look at
the patch. Instead they wait a few months then eradicate a perfectly good patch
with some lame 'EOL' nonsense.

When will people learn?!  Never, if they don't even try.
Comment 4 JW 2007-01-19 19:42:28 EST
But given that this bug has already been assigned, I am not sure who gave
Christian Iseli the right to go around lamely setting NEEDINFO on bugs.

Whoever decided that FC4 should be EOL'd should first port all open bugs to the
latest release.  How can something that is still very much alive be EOL'd?
Comment 5 Tomas Mraz 2007-01-21 16:29:21 EST
Well, this kind of bug, or rather (mis?)feature, would be better resolved
upstream first.
For PAM: http://sourceforge.net/projects/pam
Comment 6 JW 2007-01-21 18:18:07 EST
Imagine you bought a Toyota car and when it developed a problem with a component
you were told "The problem with nut working loose is best resolved by contacting
Ko-shing Nut Company".

If I was procuring 1000's of programs and a kernel as separate parts that I
assembled myself then your suggestion would make sense.

However I have procured one product, Fedora Linux, and I have reported a bug to
the vendor.  It is up to the vendor to do something about it.  It doesn't make
sense for the vendor to say "Go away; nothing to do with us; have a nice day".
Comment 7 Tomas Mraz 2007-01-22 07:36:08 EST
Yes of course, on the other hand Fedora is a community developed distribution
which you've got for free and there is nothing wrong with politely asking you to
help a little with developing it if just by reporting a misfeature of a
component to proper upstream.

Thanks.
Comment 8 JW 2007-01-22 07:45:58 EST
I never got it for free.  I had to pay with the stress of installing it, the
additional stress of fixing bugs that have propagated from version to version
(because nobody seems to fix them - current instance included), and the
additional stress of having to contemplate the philosophical question "... if it
is so good then why doesn't it cost even one single dollar?"
