On Wed, Apr 14, 2004 at 01:17:14AM +0200, Anders Johansson wrote:
On Wednesday 14 April 2004 00.07, Phil Mocek wrote:
I've found a bug that causes SuSEconfig (and, presumably, Yast2, since it uses SuSEconfig) to fail to update Postfix configuration and then incorrectly report that it has done so successfully.
More alarmingly, if any command `postconf' exists in a user's PATH when running the SuSEconfig postfix module, *that command*, (whichever one is found first; not necessarily the intended one) will be run by SuSEconfig.
I think it goes without saying that you should never have a user writable directory in your path when you run things as root.
Really? So when you give sudo privileges to a user, including yourself, just how do you guarantee that the user will change his path before every use of sudo? You'd prefer to rely on that happening than to simply specify a full path to the correct command in the script? A system utility relying upon the command search path of its parent process is never a good idea.
I think the real bug is that SuSEconfig doesn't reset the path to something sane.
And the fact that it doesn't verify that a command it will execute repeatedly even exists before blindly attempting to execute it and write its output into Postfix's system-wide configuration file? And the fact that it returns 0, which indicates success, after multiple failures? Anyway, I got a response to my bug report (Ticket 20040414990000016) from SuSE:
This is a known bug that has been fixed in the upcoming SUSE Linux 9.1. For 9.0 this bug alone does not warrant an official update.
Apparently, they don't think it warrants warning anyone about it, either. Or even publishing the fact that it is known. -- Phil Mocek