Insecure behavior: Cancel on config dialog of package proftpd

Bug #477808 reported by Jimc
This bug affects 4 people
Affects | Status | Importance | Assigned to | Milestone
proftpd-dfsg (Ubuntu) | Confirmed | Undecided | Unassigned |

Bug Description

Installing gadmin tools via Synaptic, proftp pops up asking for configuration. As I was not ready to configure, I clicked Cancel; this occurred three times, then crashed.

ProblemType: Package
Architecture: i386
Date: Sat Nov 7 20:56:59 2009
DistroRelease: Ubuntu 9.10
ErrorMessage: subprocess installed post-installation script returned error exit status 1
NonfreeKernelModules: nvidia
Package: proftpd-basic 1.3.2-3
ProcVersionSignature: Ubuntu 2.6.31-14.48-generic
SourcePackage: proftpd-dfsg
Title: package proftpd-basic 1.3.2-3 failed to install/upgrade: subprocess installed post-installation script returned error exit status 1
Uname: Linux 2.6.31-14-generic i686

Blown2bits (blown2bits) wrote:

***Warning: I detected insecure system behavior with this bug.***

Same thing happened to me. Installed gadmin-proftpd via Synaptic. Thought I was installing a client. Realized my mistake and clicked cancel when asked to choose between standalone and inetd. Install failed after box popped up again multiple times.

Synaptic, however, reported it as installed. So, I uninstalled through Synaptic. Looked at the details during the uninstall and it turned out that instead of uninstalling, it finished the install and started the server! But Synaptic now shows package as uninstalled!

I had to reinstall, and then uninstall again to actually uninstall it.

Because the server was started potentially without user knowledge or permission, this is a definite system security issue.

uname -a: Linux xxx 2.6.31-18-generic #55-Ubuntu SMP Fri Jan 8 14:54:52 UTC 2010 x86_64 GNU/Linux

Steps to reproduce:
1. Start Synaptic
2. Select gadmin-proftpd for installation (version 1:0.3.5-4)
3. When config dialog asks to choose "inetd" or "standalone", press Cancel until it crashes or goes away.
4. In Synaptic, select gadmin-proftpd for Complete Removal and hit apply.
5. In progress dialog, deselect checkbox "Automatically close after the changes..."
6. Open the Details sub-window.

Note that the server has been started.

Changed in proftpd-dfsg (Ubuntu):
status: New → Confirmed
summary: - package proftpd-basic 1.3.2-3 failed to install/upgrade: subprocess
- installed post-installation script returned error exit status 1
+ Insecure behavior: Cancel on config dialog of package proftpd
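
A check for the state mismatch reported above (server listening while the package manager shows the package as removed), added here as an example that is not part of the original bug report. The package name `proftpd-basic` comes from the report; the process name `proftpd`, the function names, and the sample `dpkg-query` status and `ss` lines are constructed assumptions.

```shell
#!/bin/sh
# Added example: flag a daemon that is listening although dpkg does not
# report its package as fully installed (the mismatch in this report).

# Constructed sample data, not taken from the bug report.
SAMPLE_STATUS='deinstall ok config-files'   # as printed by: dpkg-query -W -f='${Status}' PKG
SAMPLE_SS='LISTEN 0 128 0.0.0.0:22 0.0.0.0:* users:(("sshd",pid=801,fd=3))
LISTEN 0 128 0.0.0.0:21 0.0.0.0:* users:(("proftpd",pid=4242,fd=0))
LISTEN 0 128 [::]:21 [::]:* users:(("proftpd",pid=4242,fd=1))'

# listening_ports PROC: read `ss -H -ltnp` lines on stdin, print the local
# port of every listening socket owned by a process named PROC.
listening_ports() {
    awk -v p="$1" 'index($0, "(\"" p "\",") { n = split($4, a, ":"); print a[n] }'
}

# check_orphan_daemon PKG PROC STATUS SS_OUTPUT
# Returns 1 and prints MISMATCH when PROC is listening but STATUS is anything
# other than "install ok installed"; returns 0 otherwise.
check_orphan_daemon() {
    pkg=$1; proc=$2; status=$3; ss_out=$4
    ports=$(printf '%s\n' "$ss_out" | listening_ports "$proc" | sort -un | tr '\n' ' ')
    ports=${ports% }
    if [ -n "$ports" ] && [ "$status" != "install ok installed" ]; then
        echo "MISMATCH: $proc listening on port(s) $ports, $pkg status: '${status:-unknown to dpkg}'"
        return 1
    fi
    echo "OK: $pkg ('${status:-unknown to dpkg}'), $proc ports: ${ports:-none}"
    return 0
}

# Demo on the constructed samples. On a live system (ss needs root to show
# process names), pass the real values instead:
#   check_orphan_daemon proftpd-basic proftpd \
#       "$(dpkg-query -W -f='${Status}' proftpd-basic 2>/dev/null)" "$(ss -H -ltnp)"
check_orphan_daemon proftpd-basic proftpd "$SAMPLE_STATUS" "$SAMPLE_SS" || true
```

The check only sees sockets owned by the named process, so it covers the "standalone" choice from the config dialog; with "inetd" the listening socket belongs to the inetd process instead.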