tags 313644 + patch security severity 313644 important thanks Please try this patch:
--- /usr/lib/zope2.7/bin/mkzopeinstance.py.orig 2005-06-14 22:28:04.538426375
+0200
+++ /usr/lib/zope2.7/bin/mkzopeinstance.py 2005-06-14 22:23:28.145889036 +0200
@@ -147,7 +147,7 @@
print 'User/password not updated, since file '+inituser+' exists.'
else:
if user and password:
- write_inituser(inituser, user, password)
+ write_inituser(inituser, user, password, uid, gid)
def usage(stream, msg=None):
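Review bot: The new call `write_inituser(inituser, user, password, uid, gid)` relies on `uid` and `gid` being bound in the enclosing function, and neither assignment is visible in this hunk; the function begins outside it. Please confirm that both names are set on every path that reaches this branch, including when no ownership option is given, for example by initialising `uid = gid = None` before option parsing. Otherwise instance creation would stop with a NameError before the inituser file is written.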
@@ -190,14 +190,17 @@
print "Password mismatch, please try again..."
return user, passwd
-def write_inituser(fn, user, password):
+def write_inituser(fn, user, password, uid=None, gid=None):
import binascii
import sha
fp = open(fn, "w")
pw = binascii.b2a_base64(sha.new(password).digest())[:-1]
fp.write('%s:{SHA}%s\n' % (user, pw))
fp.close()
- os.chmod(fn, 0644)
+ os.chmod(fn, 0640)
+ if uid is None: uid = fstat(fp.fileno())[4]
+ if gid is None: gid = fstat(fp.fileno())[5]
+ os.chown(fn, uid, gid)
if __name__ == "__main__":
main()
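Review bot: The added `fstat(fp.fileno())` calls run after `fp.close()`, so whenever `uid` or `gid` is left as None, `fileno()` raises ValueError on the closed file. The bare name `fstat` also has no visible import (the surrounding code uses the `os.` prefix), so it should presumably be `os.fstat`. Separately, the file is still created by `open(fn, "w")` under the process umask and only tightened to 0640 after the password hash has been written, which leaves a window in which other local users can read it. I would create the file with the restrictive mode, settle ownership before writing the hash, and close the file last, as sketched below.

```python
def write_inituser(fn, user, password, uid=None, gid=None):
    # … unchanged: imports of binascii and sha …
    # Create the file with restrictive permissions before any secret is written.
    fd = os.open(fn, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0640)
    fp = os.fdopen(fd, "w")
    st = os.fstat(fd)
    if uid is None: uid = st[4]
    if gid is None: gid = st[5]
    # chmod also covers a pre-existing file, where the os.open mode is ignored.
    os.chmod(fn, 0640)
    os.chown(fn, uid, gid)
    # … unchanged: pw computation and fp.write …
    fp.close()
```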
--
.''`. martin f. krafft <[EMAIL PROTECTED]>
: :' : proud Debian developer, admin, user, and author
`. `'`
`- Debian - when you have better things to do than fixing a system
Invalid/expired PGP subkeys? Use subkeys.pgp.net as keyserver!
"arthur slapped his arms about himself to try and get his
circulation a little more enthusiastic about its job."
-- hitchhiker's guide to the galaxy

