[Bug 381845] New: rpmdb2solv tries to write to file with empty file name
https://bugzilla.novell.com/show_bug.cgi?id=381845 Summary: rpmdb2solv tries to write to file with empty file name Product: openSUSE 11.0 Version: Alpha 2 Platform: Other OS/Version: Other Status: NEW Severity: Normal Priority: P5 - None Component: YaST2 AssignedTo: jkupec@novell.com ReportedBy: lnussel@novell.com QAContact: jsrain@novell.com CC: kkaempf@novell.com Found By: --- I got the following output with zypper-0.10.4-2.10 and satsolver-tools-0.0.23-4.3 on 10.3. Since I got the same output from the kde updater applet on beta1 though but werent able to save it at that time I opened the bug this way. running zypper refresh as root does fix the problem as advertised. $ zypper se glib2-doc Target initialization failed: rpmdb2solv -r '/' '/var/cache/zypp/@System.solv' > '' /bin/sh: : No such file or directory Running 'zypper refresh' as root might resolve the problem. I wonder why there needs to be a shell involved at all -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=381845
User jkupec@novell.com added comment
https://bugzilla.novell.com/show_bug.cgi?id=381845#c1
Ján Kupec
I wonder why there needs to be a shell involved at all
rpmdb2solv is a shell script, it builds a .solv file out of the rpmdb. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=381845
User kkaempf@novell.com added comment
https://bugzilla.novell.com/show_bug.cgi?id=381845#c2
--- Comment #2 from Klaus Kämpf
https://bugzilla.novell.com/show_bug.cgi?id=381845
User jkupec@novell.com added comment
https://bugzilla.novell.com/show_bug.cgi?id=381845#c3
--- Comment #3 from Ján Kupec
https://bugzilla.novell.com/show_bug.cgi?id=381845
User fm@opensuse.org added comment
https://bugzilla.novell.com/show_bug.cgi?id=381845#c4
Felix Möller
https://bugzilla.novell.com/show_bug.cgi?id=381845
User jkupec@novell.com added comment
https://bugzilla.novell.com/show_bug.cgi?id=381845#c5
Ján Kupec
https://bugzilla.novell.com/show_bug.cgi?id=381845
User jkupec@novell.com added comment
https://bugzilla.novell.com/show_bug.cgi?id=381845#c6
--- Comment #6 from Ján Kupec
https://bugzilla.novell.com/show_bug.cgi?id=381845
User jkupec@novell.com added comment
https://bugzilla.novell.com/show_bug.cgi?id=381845#c7
--- Comment #7 from Ján Kupec
https://bugzilla.novell.com/show_bug.cgi?id=381845
User lnussel@novell.com added comment
https://bugzilla.novell.com/show_bug.cgi?id=381845#c8
--- Comment #8 from Ludwig Nussel
https://bugzilla.novell.com/show_bug.cgi?id=381845
User ma@novell.com added comment
https://bugzilla.novell.com/show_bug.cgi?id=381845#c9
--- Comment #9 from Michael Andres
https://bugzilla.novell.com/show_bug.cgi?id=381845
User ma@novell.com added comment
https://bugzilla.novell.com/show_bug.cgi?id=381845#c10
Michael Andres
https://bugzilla.novell.com/show_bug.cgi?id=381845
User jkupec@novell.com added comment
https://bugzilla.novell.com/show_bug.cgi?id=381845#c11
Ján Kupec
No suid. If a sysadmin want's to allow (all) users to refresh an outdated cache, then he could set
drwxrwxr_x 3 root users 4096 2008-04-15 11:43 /var/cache/zypp/
Then we would need to ship libzypp with such permissions on this dir - think of the updater applets - they need to do refresh. They use a suid wrapper to do it. (In reply to comment #8 from Ludwig Nussel)
What really worries me now is that you want to include this in a setuid program. That's highly dangerous if a shell is involved.
We do it since ages, but there was no shell involved until now.
Please submit any changes in that regard to the security-team for review!
OK -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=381845
User jkupec@novell.com added comment
https://bugzilla.novell.com/show_bug.cgi?id=381845#c12
--- Comment #12 from Ján Kupec
(In reply to comment #0 from Ludwig Nussel)
I wonder why there needs to be a shell involved at all
rpmdb2solv is a shell script, it builds a .solv file out of the rpmdb.
I meant repo2solv.sh of course :O) This script then calls rpmdb2solv binary. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=381845
User matz@novell.com added comment
https://bugzilla.novell.com/show_bug.cgi?id=381845#c13
Michael Matz
https://bugzilla.novell.com/show_bug.cgi?id=381845
User jkupec@novell.com added comment
https://bugzilla.novell.com/show_bug.cgi?id=381845#c14
Ján Kupec
https://bugzilla.novell.com/show_bug.cgi?id=381845
User dmacvicar@novell.com added comment
https://bugzilla.novell.com/show_bug.cgi?id=381845#c15
Duncan Mac-Vicar
participants (1)
-
bugzilla_noreply@novell.com