Ashley Yakeley wrote:
I am, of course, very sorry about this bug. Now that I saw it, I don't understand how I couldn't have noticed it before. But then nobody else did in the past 6 months. It slipped through all controls. The package has already been in 0.4.1 stable in the same form.I wrote:When I installed lcms 1.09-1, it overwrote my /usr/bin directory with a file, making my system non-bootable. Note my fink dir is "/usr/local/finksw".
A short explanation of the bug:
lcms has very simple makefiles, no configure etc. During make install it does the following
-cp icctrans $(BINDIR)
where BINDIR was defined as
BASEDIR = $(DESTDIR)/usr
BINDIR = $(BASEDIR)/bin
In the other Makefiles, I had changed
BASEDIR = $(DESTDIR)/usr
to
BASEDIR = $(DESTDIR)/$(PREFIX)
which then does the right thing, but I forgot to do this patch in one subdirectory (in previous versions it hadn't tried to install icctrans).
The resulting command
cp icctrans %d/usr/bin
gives an (ignored) error message when fink's %p is not inside /usr, because then %d/usr/ does not exist. icctrans is then silently forgotten. If, however, %p is below /usr/, %d/usr/ will exist, but not %/usr/bin/, so that the file icctrans is then copied to the *file* %d/usr/bin.
And dpkg apparently clobbers everything in its way, so it replaces /usr/bin/ by the file /usr/bin.
I wouldn't have thought that dpkg is so merciless. This is as bad as Apple's Installer.app.
Probably, but this wouldn't have helped here. The catastrophe happens when the package is installed by dpkg, not when it is built.d=17203&atid=117203><http://sourceforge.net/tracker/index.php?func=detail&aid=678560&group_i
I've been thinking about how to prevent this sort of thing happening in the future. Two things occur to me:
1. Have fink build as non-root. However, to do this properly I think this requires the use of fakeroot. If anyone wants to port fakeroot, they'd be doing the fink community an enormous favour.
2. After the dpkg is built, fink should check it to make sure that all the files are within %p (or within other directories somehow explicitly mentioned in the .info file).I would rather hope that in future the kind of error that happened here will somehow get detected by human eyes before it can do much destruction. I would regret it if my oversight were the reason for the introduction of some heavy bureaucracy into fink that would be useful only in extremely exceptional cases.
The point is not to be secure against malicious packages, but to be safer against accidental errors.There is probably some Murphy law saying that bugs are always more inventive than the measures trying to prevent them :-(
--
Martin
-------------------------------------------------------
This SF.NET email is sponsored by:
SourceForge Enterprise Edition + IBM + LinuxWorld = Something 2 See!
http://www.vasoftware.com
_______________________________________________
Fink-devel mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/fink-devel
