https://bugzilla.novell.com/show_bug.cgi?id=757393
https://bugzilla.novell.com/show_bug.cgi?id=757393#c2
Christian Boltz changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |security-team@suse.de
Summary|acroread: file |acroread: file
|C:\nppdf32Log\debuglog.txt |C:\nppdf32Log\debuglog.txt
|created in home directory |created in home directory
| |and /
--- Comment #2 from Christian Boltz 2012-04-19 19:31:02 CEST ---
Good catch - I have this file in / also. It was created around the time I
installed the updated acroread package, and (obviously) as root :-/
# ls -l /C* --time-style=full-iso
-rw-r--r-- 1 root root 24 2012-04-16 18:35:30.000000000 +0200
/C:\nppdf32Log\debuglog.txt
# grep acroread /var/log/zypp/history |tail -n1
2012-04-16 18:35:35|install|acroread|9.5.1-3.10.1|i586||update-test|
5fffd99039822a513cb4dcb8d92ea03b9819d9a830f984d8e1e297c2b5a9ed7a
Since we are talking about a time difference of some seconds, let me quote the
relevant lines of zypper.log when the package was installed:
2012-04-16 18:35:16 <1> geeko(21975) [zypp]
PackageProvider.cc(providePackage):112 provided Package from cache
(50822)acroread-9.5.1-3.10.1.i586(update-test) at
/var/cache/zypp/packages/update-test/i586/acroread-9.5.1-3.10.1.i586.rpm
2012-04-16 18:35:16 <1> geeko(21975) [zypp] RpmDb.cc(doInstallPackage):1708
RpmDb::installPackage(/var/cache/zypp/packages/update-test/i586/acroread-9.5.1-3.10.1.i586.rpm,0x0000000c)
2012-04-16 18:35:16 <1> geeko(21975) [zypp++]
ExternalProgram.cc(start_program):229 Executing 'rpm' '--root' '/' '--dbpath'
'/var/lib/rpm' '-U' '--percent' '--force' '--nodeps' '--'
'/var/cache/zypp/packages/update-test/i586/acroread-9.5.1-3.10.1.i586.rpm'
2012-04-16 18:35:16 <1> geeko(21975) [zypp++]
ExternalProgram.cc(start_program):381 pid 22025 launched
2012-04-16 18:35:35 <1> geeko(21975) [zypp++]
ExternalProgram.cc(checkStatus):482 Pid 22025 successfully completed
2012-04-16 18:35:35 <1> geeko(21975) [zypp] PathInfo.cc(unlink):670 unlink
/var/cache/zypp/packages/update-test/i586/acroread-9.5.1-3.10.1.i586.rpm
This means the file in / was created while the acroread package was updated.
Needless to say I'm never running acroread or a browser (which could use it as
plugin) as root. In other words: I have no idea why/how acroread was able to
write in /
The file in my home directory has this timestamp:
-rw-r--r-- 1 cb users 2371 2012-04-19 18:48:27.000000000 +0200
/home/cb/C:\nppdf32Log\debuglog.txt
which is about 10 minutes after the package was installed (but maybe I
accidently changed the timestamp somehow).
BTW:
# rpm -ql acroread | xargs grep debuglog.txt
Binary file /usr/lib/Adobe/Reader9/Browser/intellinux/nppdf.so matches
Binary file /usr/lib/browser-plugins/nppdf.so matches
Using "strings" on this files confirms that it contains the full filename
"C:\nppdf32Log\debuglog.txt"
BTW 2: /usr/lib/Adobe/Reader9/Resource/Support/AdobeReader.desktop is only
readable for root - I doubt this is intentional...
--
Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.