[Bug 695317] New: rkhunter cron script contains unquoted variable
https://bugzilla.novell.com/show_bug.cgi?id=695317 https://bugzilla.novell.com/show_bug.cgi?id=695317#c0 Summary: rkhunter cron script contains unquoted variable Classification: openSUSE Product: openSUSE 11.4 Version: Factory Platform: Other OS/Version: Other Status: NEW Severity: Normal Priority: P5 - None Component: Basesystem AssignedTo: bnc-team-screening@forge.provo.novell.com ReportedBy: volker3204@paradise.net.nz QAContact: qa@suse.de Found By: --- Blocker: --- Created an attachment (id=430753) --> (http://bugzilla.novell.com/attachment.cgi?id=430753) Patch with fix User-Agent: Mozilla/5.0 (compatible; Konqueror/4.6; Linux) KHTML/4.6.0 (like Gecko) SUSE The mails sent by the rkhunter check script have a subject with random strings because the corresponding variable in /etc/cron.daily/suse.de-rkhunter is missing proper quotes. Not many variables in that script are quoted safely - not good IMHO for root scripts. Reproducible: Always Steps to Reproduce: 1. Run /etc/cron.daily/suse.de-rkhunter 2. Look at resulting email Actual Results: Part of subject contains random string or is empty. Expected Results: The string intended to be there. Fix in attached patch. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=695317
https://bugzilla.novell.com/show_bug.cgi?id=695317#c1
Marcus Meissner
https://bugzilla.novell.com/show_bug.cgi?id=695317
https://bugzilla.novell.com/show_bug.cgi?id=695317#c2
Volker Kuhlmann
https://bugzilla.novell.com/show_bug.cgi?id=695317
https://bugzilla.novell.com/show_bug.cgi?id=695317#c3
Marcus Meissner
https://bugzilla.novell.com/show_bug.cgi?id=695317
https://bugzilla.novell.com/show_bug.cgi?id=695317#c4
--- Comment #4 from Volker Kuhlmann
rpm -q rkhunter rkhunter-1.3.8-4.2.x86_64
rpm -qi rkhunter Name : rkhunter Relocations: (not relocatable) Version : 1.3.8 Vendor: obs://build.opensuse.org/openSUSE:11.4:Contrib Release : 4.2 Build Date: Wed 09 Mar 2011 10:21:35 NZDT Install Date: Mon 25 Apr 2011 11:34:23 NZST Build Host: build17 Group : System/Monitoring Source RPM: rkhunter-1.3.8-4.2.src.rpm Size : 879314 License: GPL v3 Signature : DSA/SHA1, Wed 09 Mar 2011 10:22:49 NZDT, Key ID 4c236e3c62b21ea4
dl -d /var/cache/zypp/packages/ | grep rkhunt 190418 2011-04-25 11:34:19 download.opensuse.org-standard/x86_64/rkhunter-1.3.8-4.2.x86_64.rpm
grep -l download.opensuse.org-standard /etc/zypp/repos.d/* /etc/zypp/repos.d/download.opensuse.org-standard.repo
cat /etc/zypp/repos.d/download.opensuse.org-standard.repo [download.opensuse.org-standard] name=Main Repository (Contrib) .. baseurl=http://download.opensuse.org/repositories/openSUSE:/11.4:/Contrib/standard/
This is where is most surely came from. It is 1 of 2 packages found here (first one): http://software.opensuse.org/search?baseproject=openSUSE%3A11.4&p=1&q=rkhunter I checked, and the second package has exactly the same broken script: http://software.opensuse.org/search/download?base=openSUSE%3A11.4&file=security%2FopenSUSE_11.4%2Fx86_64%2Frkhunter-1.3.8-1.1.x86_64.rpm HTH -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=695317
https://bugzilla.novell.com/show_bug.cgi?id=695317#c5
--- Comment #5 from Marcus Meissner
https://bugzilla.novell.com/show_bug.cgi?id=695317
https://bugzilla.novell.com/show_bug.cgi?id=695317#c
Sascha Manns
https://bugzilla.novell.com/show_bug.cgi?id=695317
https://bugzilla.novell.com/show_bug.cgi?id=695317#c6
--- Comment #6 from Sascha Manns
https://bugzilla.novell.com/show_bug.cgi?id=695317
https://bugzilla.novell.com/show_bug.cgi?id=695317#c7
--- Comment #7 from Volker Kuhlmann
https://bugzilla.novell.com/show_bug.cgi?id=695317
https://bugzilla.novell.com/show_bug.cgi?id=695317#c8
Sascha Manns
participants (1)
-
bugzilla_noreply@novell.com