17673 – inconsistency with verify in gnorpm-0.95-1

Bug 17673 - inconsistency with verify in gnorpm-0.95-1

Summary: inconsistency with verify in gnorpm-0.95-1

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	Red Hat Linux
Classification:	Retired
Component:	gnorpm
Sub Component:
Version:	6.2
Hardware:	i386
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Alan Cox
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2000-09-19 06:54 UTC by Jeremy Katz
Modified:	2008-05-01 15:37 UTC (History)
CC List:	0 users
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2000-09-24 16:20:51 UTC
Embargoed:

Attachments	(Terms of Use)

Description Jeremy Katz 2000-09-19 06:54:37 UTC

There's an inconsistency in the verification of packages in the errata test
of gnorpm.  If running as a normal user, you click the verify button on the
menu bar or the Verify option in the Packages menu, you get an error
message about requiring superuser privileges to verify packages.  In
contrast, if you select a package from one of the package groups and right
click on the package and select verify from the context menu, you are
happily allowed to verify the package.

So either verify_one() in verify.c needs an euid check added or the check
in rpm_verify_pkgs() in mainwin.c needs to be removed.  As RPM by default
allows any user to verify already installed packages, I'd lean towards the
latter.

Comment 1 Alan Cox 2000-09-23 22:53:32 UTC

Has to be the former - a user cannot verify a file they cannot read

Comment 2 Alan Cox 2000-09-24 16:20:49 UTC

Fixed in gnome cvs

Note You need to log in before you can comment on or make changes to this bug.