Package: tiger
Version: 1:3.2.1-24
Severity: normal
Tags: patch
In the script /usr/lib/tiger/scripts/check_accounts .forward files are
checked for the pipe (|) character, to determine whether they execute
commands. This check is wrong, it returns true irregardless of the
content of the forward file.
Rainer Schöpf
*** /usr/lib/tiger/scripts/check_accounts~ 2005-04-18
18:26:12.000000000 +0200
--- /usr/lib/tiger/scripts/check_accounts 2005-09-22
11:04:18.611569196 +0200
***************
*** 178,184 ****
([ ! -d "$home/" ] || [ "$host" != "$HOSTNAME" ]) && return
# Check the .forward file.
! [ -s $home/.forward ] && $GREP '\|' $home/.forward 2>&1 >/dev/null &&
message WARN acc003w "" "Login ID $user is disabled, but has a .forward
file which executes commands."
# Check the .rhosts file.
--- 178,184 ----
([ ! -d "$home/" ] || [ "$host" != "$HOSTNAME" ]) && return
# Check the .forward file.
! [ -s $home/.forward ] && $GREP -F '|' $home/.forward 2>&1 >/dev/null &&
message WARN acc003w "" "Login ID $user is disabled, but has a .forward
file which executes commands."
# Check the .rhosts file.
-- System Information:
Debian Release: 3.1
Architecture: i386 (i686)
Kernel: Linux 2.6.8-2-686-smp
Locale: LANG=en_US.ISO-8859-15, LC_CTYPE=en_US.ISO-8859-15 (charmap=ISO-8859-15)
Versions of packages tiger depends on:
ii binutils 2.15-6 The GNU assembler, linker and bina
ii coreutils [fileutils] 5.2.1-2 The GNU core utilities
ii debconf 1.4.30.13 Debian configuration management sy
ii diff 2.8.1-11 File comparison utilities
ii fileutils 5.2.1-2 The GNU file management utilities
ii libc6 2.3.2.ds1-22 GNU C Library: Shared libraries an
ii net-tools 1.60-10 The NET-3 networking toolkit
ii shellutils 5.2.1-2 The GNU shell programming utilitie
ii textutils 5.2.1-2 The GNU text file processing utili
-- debconf information:
* tiger/mail_rcpt: root
tiger/remove_mess: true
* tiger/policy_adapt:
