Bug 174050 - pam_listfile should look at symlink target not symlink itself
Summary: pam_listfile should look at symlink target not symlink itself
Alias: None
Product: Fedora
Classification: Fedora
Component: pam   
(Show other bugs)
Version: rawhide
Hardware: i386 Linux
Target Milestone: ---
Assignee: Tomas Mraz
QA Contact:
Depends On:
TreeView+ depends on / blocked
Reported: 2005-11-24 01:20 UTC by JW
Modified: 2008-01-28 15:05 UTC (History)
0 users

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2008-01-28 15:05:44 UTC
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)
pam_listfile changed to look at target file rather than system-flexibility-enhancing symlink which isn't any possible security hazard anyhow (902 bytes, patch)
2005-11-24 01:21 UTC, JW
no flags Details | Diff

Description JW 2005-11-24 01:20:29 UTC
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (compatible; MSIE 6.0; Windows; U; AIIEEEE!; Win98; Windows 98; en-US; Gecko masquerading as IE; should it matter?; rv:1.8b) Gecko/20050217

Description of problem:
pam_listfile refuses to work with symbolic links.

Version-Release number of selected component (if applicable):

How reproducible:

Steps to Reproduce:
1.ln -s /somewhere/ftpusers /etc/vsftpd/ftpusers 

Actual Results:  access denied

Expected Results:  normal ftp access should be possible

Additional info:

pam_listfile erroneously treats symbolic link as something worthy of its attention rather than what the symbolic link points to.

Comment 1 JW 2005-11-24 01:21:40 UTC
Created attachment 121432 [details]
pam_listfile changed to look at target file rather than system-flexibility-enhancing symlink which isn't any possible security hazard anyhow

Comment 2 Christian Iseli 2007-01-20 00:29:07 UTC
This report targets the FC3 or FC4 products, which have now been EOL'd.

Could you please check that it still applies to a current Fedora release, and
either update the target product or close it ?


Comment 3 JW 2007-01-20 00:36:39 UTC
A patch has already been submitted.

So some lazy person who is in charge of this bug hasn't even bothered to look at
the patch. Instead they wait a few months then eradicate a perfectly good patch
with some lame 'EOL' nonsense.

When will people learn?!  Never, if they don't even try.

Comment 4 JW 2007-01-20 00:42:28 UTC
But given that this bug has already been assigned, I am not sure who gave
Christian Iseli the right to go around lamely setting NEEDINFO on bugs.

Whoever decided that FC4 should be EOL'd should first port all open bugs to the
latest release.  How can something that is still very much alive be EOL'd?

Comment 5 Tomas Mraz 2007-01-21 21:29:21 UTC
Well this kind of bugs or rather (mis?)features would be better resolved
upstream first.
For PAM: http://sourceforge.net/projects/pam

Comment 6 JW 2007-01-21 23:18:07 UTC
Imaging you bought a Toyota car and when it developed a problem with a component
you were told "The problem with nut working lose is best resolved by contacting
Ko-shing Nut Company".

If I was procuring 1000's programs and a kernel as separate parts that I
assembled myself then your suggestion would make sense.

However I have procured one product, Fedora Linux, and I have reported a bug to
the vendor.  It is up to the vendor to do something about it.  It doesn't make
sense for the vendor to say "Go away; nothing to do with us; have a nice day".

Comment 7 Tomas Mraz 2007-01-22 12:36:08 UTC
Yes of course, on the other hand Fedora is a community developed distribution
which you've got for free and there is nothing wrong with politely asking you to
help a little with developing it if just by reporting a misfeature of a
component to proper upstream.


Comment 8 JW 2007-01-22 12:45:58 UTC
I never got it for free.  I had to pay with the stress of installing it, the
additional stress of fixing bugs that have propagated from version to version
(because nobody seems to fix them - current instance included), and the
additional  stress of having contemplate the philosophical question "... if it
is so good then why doesn't it cost even one single dollar?"

Note You need to log in before you can comment on or make changes to this bug.