Red Hat Bugzilla – Bug 97255
statically linked rpm binary has glibc bugs that were fixed in RHSA-2003-089-11
Last modified: 2007-04-18 12:54:47 EDT
Description of problem:
RHSA-2003-089-11 fixed bugs in glibc as related to Bugzilla bug #81901 dealing
with moderately long lines in /etc/group. Because the main rpm binary is
statically linked to glibc, it still is vulnerable to the issues that the glibc
update addresses. Specifically, if the install of an RPM package forces the
group on a file to be a group that has a long line in /etc/group, it fails the
lookup of the group name and sets it to 'root'.
Version-Release number of selected component (if applicable):
Steps to Reproduce:
1. Create a group in /etc/group that has enough members to make the line go
over 670 characters. (In my example, I call it 'longgrp'.)
2. Create an RPM .SPEC file that sets the group of a file to be in the long group:
%attr(0444 username longgrp) /usr/local/bin/testme
3. Build the rpm package and install it.
Actual Results: rpm complains about group 'longgrp' not being found and sets
the group to 'root'.
Expected Results: rpm should set the group to 'longgrp'.
The glibc fix for this specific condition is noted in Bugzilla bug #81901 and in
the glibc errata for RHSA-2003-089-11.
Deferred, errata already pending. Don't hold your breath, however;
the errata has been pending for 4 months now.
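A pre-install check for the condition in the report, as an added example that is not part of the original bug thread: it flags %attr entries in a spec file whose group has an /etc/group line longer than the 670 characters given in the reproduction steps. The function names, the sample group file and the second %attr line are constructed for illustration, and 670 is the reporter's observed figure, not a documented glibc limit.

```python
import re

THRESHOLD = 670  # line length from the report's reproduction steps (assumption)

# %attr(mode, user, group) path. The report's spec line separates the fields
# with spaces, so commas and/or whitespace are both accepted here.
ATTR_RE = re.compile(r"%attr\(\s*([^)]*?)\s*\)\s+(\S+)")


def long_groups(group_text, threshold=THRESHOLD):
    """Map group name -> raw line length for group-file lines over threshold."""
    found = {}
    for line in group_text.splitlines():
        fields = line.split(":")
        # A group entry is name:password:gid:member,member,...
        if len(fields) == 4 and len(line) > threshold:
            found[fields[0]] = len(line)
    return found


def spec_files_at_risk(spec_text, group_text, threshold=THRESHOLD):
    """Return (path, group, line_length) for %attr entries naming a long group."""
    risky = long_groups(group_text, threshold)
    hits = []
    for match in ATTR_RE.finditer(spec_text):
        parts = re.split(r"[,\s]+", match.group(1))
        if len(parts) == 3 and parts[2] in risky:
            hits.append((match.group(2), parts[2], risky[parts[2]]))
    return hits


# Constructed sample data; only the first %attr line comes from the report.
SAMPLE_GROUP = "\n".join([
    "root:x:0:root",
    "longgrp:x:5001:" + ",".join("user%03d" % i for i in range(100)),
    "staff:x:5002:alice,bob",
])
SAMPLE_SPEC = """%files
%attr(0444 username longgrp) /usr/local/bin/testme
%attr(0755, root, staff) /usr/local/bin/other
"""

if __name__ == "__main__":
    for path, group, length in spec_files_at_risk(SAMPLE_SPEC, SAMPLE_GROUP):
        print("%s: group %r has a %d-character group line" % (path, group, length))
```

On a real host, pass the contents of /etc/group from the machine where the package will be installed, since the group line length is a property of the install target rather than the build host.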