Bug 141153

Summary: Non executable directories in various packages
Product: [openSUSE] SUSE LINUX 10.0 Reporter: Balazs Melikant <balazs.melikant>
Component: SecurityAssignee: Ruediger Oertel <ro>
Status: VERIFIED FIXED QA Contact: E-mail List <qa-bugs>
Severity: Normal    
Priority: P5 - None CC: balazs.melikant, hare, suse-beta
Version: Final   
Target Milestone: ---   
Hardware: Other   
OS: SuSE Linux 10.0   
Whiteboard:
Found By: Other Services Priority:
Business Priority: Blocker: ---
Marketing QA Status: --- IT Deployment: ---

Description Balazs Melikant 2005-12-31 13:15:16 UTC 
As stated e.g. here
http://www.novell.com/products/linuxpackages/professional/chkrootkit.html ,
the permissions should be corrected as follows:

drw-r--r--    2 root    root                0 Sep  9 18:03 /usr/share/doc/packages/chkrootkit
->
drwxr-xr-x
Comment 1 Christian Boltz 2006-01-03 00:13:10 UTC 
chrootkit is not the only package affected. You can get a list using
    zgrep ":  *d..-..-" ARCHIVES.gz

To give you a short overview (ARCHIVES.gz from retail DVD):
# zgrep ":  *d..-..-" ARCHIVES.gz   | cut -d: -f1 | uniq
./DVD1/suse/i586/pxe-1.4.2-4.i586.rpm
./DVD1/suse/i586/freeradius-1.0.4-4.i586.rpm
./DVD1/suse/i586/chkrootkit-0.45-3.i586.rpm
./DVD1/suse/i586/pcp-2.4.0-6.i586.rpm
./DVD1/suse/i586/x3270-3.2.20-291.i586.rpm
./DVD1/suse/noarch/storeBackup-1.19-2.noarch.rpm
./DVD1/suse/x86_64/chkrootkit-0.45-3.x86_64.rpm
./DVD1/suse/x86_64/freeradius-1.0.4-4.x86_64.rpm
./DVD1/suse/x86_64/pxe-1.4.2-4.x86_64.rpm
./DVD1/suse/x86_64/x3270-3.2.20-291.x86_64.rpm
./DVD1/suse/x86_64/pcp-2.4.0-6.x86_64.rpm
Comment 2 Christian Boltz 2006-01-03 20:35:33 UTC 
BTW: I reported the broken permissions of StoreBackup already - bug 132857
Comment 3 Marcus Meissner 2006-01-20 15:57:06 UTC 
I fixed chkrootkit and pxe now.

over to wolfgang for freeradius.

cc rw for pcp, hare for x3270.
Comment 4 Wolfgang Rosenauer 2006-01-20 18:03:12 UTC 
submitted freeradius
Comment 5 Raymund Will 2006-01-20 18:03:58 UTC 
Regarding 'pcp':
first: pah, duplicate of bug #129486, which has been rejected
  for SLES9SP3  -- feel free to use
     /work/src/done/DISCARDED/SLES9-SP3/pcp
  if you want a fixed package, and
second: 'pcp' has been updated to 2.5.0 for SL10.1/SLES10.
Comment 6 Marcus Meissner 2006-02-15 10:50:07 UTC 
i think most if not all of them are fixed now,
a autobuild check finding them would be nice...
Comment 7 Christian Boltz 2006-02-15 16:46:56 UTC 
rpm -qplv the-new.rpm | grep "^d..-"   should do the job ;-)

BTW: There are still some packages packages with broken directory permissions (Factory tree as of 10.1 beta3):

# zgrep "rpm:[    ]*d..-" ARCHIVES.gz | sed 's/root  *root.*//' |sort -u
./inst-source/suse/i586/eID-belgium-2.52-2.i586.rpm:    drw-r--r--
./inst-source/suse/i586/x3270-3.2.20-292.i586.rpm:    drw-r--r--
./inst-source/suse/ppc/eID-belgium-2.52-2.ppc.rpm:    drw-r--r--
./inst-source/suse/ppc/x3270-3.2.20-292.ppc.rpm:    drw-r--r--
./inst-source/suse/x86_64/eID-belgium-2.52-2.x86_64.rpm:    drw-r--r--
./inst-source/suse/x86_64/x3270-3.2.20-292.x86_64.rpm:    drw-r--r--

(grep without the "|sed ..." to see the directory names)
Comment 8 Ruediger Oertel 2006-02-16 14:10:41 UTC 
ok, the build check is on now.

not about fixing those packages ...
Comment 9 Ruediger Oertel 2006-02-16 14:26:05 UTC 
done
Comment 10 Christian Boltz 2006-03-13 23:37:21 UTC 
The build check seems to work - there's no non-executable directory in todays Factory tree :-)

Thanks!