Bug#641538: closed by werner@aloah-from-hell.de (policyd-weight: debug bug: using wrong function to calculate the issuing, group)

Sun, 08 Jan 2012 14:06:16 -0800 

Hello,

Debian Bug Tracking System <ow...@bugs.debian.org> (Sa 07 Jan 2012 12:12:27 
CET):
> This is an automatic notification regarding your Bug report
> which was filed against the policyd-weight package:
> 
> #641538: policyd-weight: debug bug: using wrong function to calculate the 
> issuing group
> It has been closed by wer...@aloah-from-hell.de.

I'd re-open the bug.

> Hi,
> 
> I'm closing this bug. The relevant part of policyd-weight is as follows:
> 
>     651 if($CMD_DEBUG == 1)
>     652 {
>     653     $DEBUG = 1;
>     654     $conf_str =~ s/\#.*?(\n)/$1/gs;
>     655     $conf_str =~ s/\n+/\n/g;
>     656     print "config: $conf\n".$conf_str."\n";
>     657     $SPATH   .= ".debug";
>     658
>     659     # chose /tmp for debug pidfiles only if user is not root
>     660     # if root would store debug pids also in /tmp we would be
>     661     # open to race attacks
>     662     if($< != 0)
>     663     {
>     664         $PIDFILE = "/tmp/policyd-weight.pid.debug";
>     665     }
>     666     else
>     667     {
>     668         $PIDFILE .= ".debug";
>     669     }
>     670
>     671     print "debug: using port ".++$TCP_PORT."\n";
>     672     print "debug: USER:  $USER\n";
>     673     print "debug: GROUP: $GROUP\n";
>     674     print "debug: issuing user:  ".getpwuid($<)."\n";
>     675     print "debug: issuing group: ".getpwuid($()."\n";
>     676 }
> 
> As written in my previous message (I just forgot to close this Bug) it does 
> not
> really matter if getpwuid() or getpwuid() is used. So I'll close this bug.

Why doesn't it matter?

It matters. The debug code should print the name of the issuing *group*.
The correct function for mapping a group id into a group name is
getgrgid() and not getpwuid(). Please change line 675 to use getgrgid().

It just does not matter, if the groupname:groupid and username:userid
follow the same pattern, e.g. root:0. But this isn't always true.

Here is the relevant part of my old bug report:

> In line 676 the policyd calls getpwuid($() to calculate the
> name of the issuing *group*, I'd say, it should be getgrgid($().
> 
> Mostly the bug doesn't matter, since the *name* of the user 0
> is the same as the name of the group 0.

Please make Debian a better distribution ☺

-- 
Heiko

Attachment: signature.asc
Description: Digital signature

Reply via email to