[SRU] package installation creates /root/.tvtime
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
tvtime (Debian) |
Fix Released
|
Unknown
|
|||
tvtime (Fedora) |
Fix Released
|
Medium
|
|||
tvtime (Ubuntu) |
Fix Released
|
Undecided
|
Unassigned | ||
Precise |
Fix Released
|
Medium
|
Unassigned | ||
Quantal |
Fix Released
|
Medium
|
Unassigned |
Bug Description
Binary package hint: tvtime
Since Dapper, tvtime is installed with root as the owner. This makes it so the user can't save channel data, picture settings, etc.
ProblemType: Bug
Architecture: i386
Date: Fri Mar 16 01:12:08 2007
DistroRelease: Ubuntu 7.04
Uname: Linux godzilla 2.6.20-11-generic #2 SMP Thu Mar 15 08:03:07 UTC 2007 i686 GNU/Linux
SRU JUSTIFICATION:
[Impact] + [Test Case]
From Debian bug (http://
"Hi,
during a test with piuparts I noticed that your package creates files in
/root. From the attached log
http://
0m34.1s ERROR: FAIL: Package purging left files on system:
/root/.tvtime/ not owned
Creating stuff in /root is a FHS and policy violation. (And of course
these files should not be deleted by maintainer scripts.)
But it is also an indication that the package operation may depend on
root's .tvtime configuration (and package installation might even fail if
that configuration is broken). That would be a case for "configuration
files not in /etc"."
This might also be the cause for "this bug" where a users ~/.tvtime/ is
owned by root:root - probably depending on how the user switched to root.
[Regression Potential]
"This is due to tvtime-configure being called in the postinst script.
tvtime-configure uses config_new() which in turn contains this code:
/* Make the ~/.tvtime directory every time on startup, to be safe. */
if( asprintf( &temp_dirname, "%s/.tvtime", getenv( "HOME" ) ) < 0 ) {
/* FIXME: Clean up ?? */
return 0;
}
mkdir_
free( temp_dirname );
Therefore, tvtime-configure creates $HOME/.tvtime everytime you
run it, even when the invocation is something like
tvtime-configure -F /etc/tvtime/
I have attached a patch which will fix the bug (that is, not create
$HOME/.tvtime on every run) but will still work correctly by creating
dirname(
deinterlacing setting."
Changed in tvtime (Ubuntu): | |
assignee: | MOTU Media Team (motumedia) → nobody |
Changed in tvtime (Debian): | |
status: | Unknown → New |
Changed in tvtime (Debian): | |
status: | New → Fix Released |
summary: |
- tvtime package defaults to root ownership + [SRU] package installation creates /root/.tvtime |
description: | updated |
description: | updated |
description: | updated |
Changed in tvtime (Ubuntu Precise): | |
status: | New → Confirmed |
Changed in tvtime (Ubuntu Quantal): | |
status: | New → Confirmed |
Changed in tvtime (Ubuntu Precise): | |
importance: | Undecided → Medium |
Changed in tvtime (Ubuntu Quantal): | |
importance: | Undecided → Medium |
Changed in tvtime (Ubuntu Precise): | |
status: | Confirmed → Triaged |
Changed in tvtime (Ubuntu Quantal): | |
status: | Confirmed → Triaged |
Changed in tvtime (Fedora): | |
importance: | Unknown → Medium |
status: | Unknown → Fix Released |
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.7.5)
Gecko/20041107 Firefox/1.0
Description of problem:
The tvtime binary is installed setuid root. Is that wise ?
AFAIK it is because it needs access to /dev/rtc
Can that not be solved in some other way ?
The last thing we need is a remote break-in over TV signals ;-)
Is there really no other way for precise timing but /dev/rtc ?
Version-Release number of selected component (if applicable):
tvtime-0.9.13-1