Bug 430308 - libsmi spec file is missing %defattr
libsmi spec file is missing %defattr
Status: CLOSED DUPLICATE of bug 429669
Product: Red Hat Enterprise Linux 4
Classification: Red Hat
Component: wireshark (Show other bugs)
4.6
All Linux
low Severity medium
: rc
: ---
Assigned To: Radek Vokal
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2008-01-25 18:29 EST by Ralph Angenendt
Modified: 2008-05-12 09:00 EDT (History)
2 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2008-05-12 09:00:28 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:


Attachments (Terms of Use)

  None (edit)
Description Ralph Angenendt 2008-01-25 18:29:04 EST
Filing under wireshark because libsmi does not have its own component in bugzilla.

Description of problem:

The libsmi rpm tries to install it files as the build user (mockbuild in CentOS,
brewbuild in RHEL). This looks like a security problem to me if libsmi is
installed on a system where this user is available. It's a nuisance (throwing
errors) on all other systems.

Version-Release number of selected component (if applicable):

libsmi.x86_64 0:0.4.5-2

How reproducible:

Install libsmi

Steps to Reproduce:
1. Install libsmi
2.
3.
  
Actual results:

  Installing: libsmi                       ######################## 
[1/3]warning: user mockbuild does not exist - using root
warning: group mockbuild does not exist - using root
  Installing: libsmi                       ######################## 
[1/3]warning: user mockbuild does not exist - using root

Expected results:

No such warnings.

Additional info:

The spec file is missing a %defattr line which would give those files to root.
It's just a small nuisance on systems which don't have this user, but it might
be a security risc on machines where packages are built on.
Comment 1 Ralph Angenendt 2008-01-25 18:32:11 EST
This bug has been reported to the CentOS bug tracker
<http://bugs.centos.org/view.php?id=2624>.
Comment 2 Ville Skyttä 2008-01-26 04:09:08 EST
Bug 430298 contains a patch.
Comment 3 Ralph Angenendt 2008-01-27 07:40:00 EST
libsmi in RHEL 5 has the same problem.
Comment 4 Radek Bíba 2008-05-12 09:00:28 EDT
Already fixed in Fastrack. The fixed package will be available in 4.7, too.

*** This bug has been marked as a duplicate of 429669 ***

Note You need to log in before you can comment on or make changes to this bug.