| Summary: | Msec security check complains about dovecot owning dovenull's home dir | ||
|---|---|---|---|
| Product: | Mageia | Reporter: | Zoltan Balaton <balaton> |
| Component: | RPM Packages | Assignee: | Shlomi Fish <shlomif> |
| Status: | RESOLVED FIXED | QA Contact: | |
| Severity: | minor | ||
| Priority: | Normal | CC: | bittwister2, bozonius, mageia, marja11, shlomif |
| Version: | Cauldron | ||
| Target Milestone: | --- | ||
| Hardware: | i586 | ||
| OS: | Linux | ||
| Whiteboard: | MGA6TOO | ||
| Source RPM: | dovecot, msec | CVE: | |
| Status comment: | |||
|
Description
Zoltan Balaton
2013-12-12 09:05:22 CET
Not sure what's going on here, but I did notice in the scriplets for this package, there is _postun_userdel for dovecot and dovenull, but no _pre_useradd, which seems strange. Assignee:
bugsquad =>
mitya Mageia 3 changed to end-of-life (EOL) status 4 months ago. http://blog.mageia.org/en/2014/11/26/lets-say-goodbye-to-mageia-3/ Mageia 3 is no longer maintained, which means that it will not receive any further security or bug fix updates. As a result we are closing this bug. If you can reproduce this bug against a currently maintained version of Mageia please feel free to click on "Version" change it against that version of Mageia and reopen this bug. Thank you for reporting this bug and we are sorry it could not be fixed. -- The Mageia Bugsquad Status:
NEW =>
RESOLVED This appears in mga 5, though now the user ids are different. Other than that, though, the bug is the same. I only got to inspecting my logs recently and noticed this. Actually came here hoping a fix was in already. Thanks. Status:
RESOLVED =>
REOPENED Reassigning to all packagers collectively, because dovecot no longer has a registered maintainer. CC:
(none) =>
marja11 @ Zoltan & Bozonius, Thank you for having taken the needed time to report this issue! Did this bug get fixed? If so, please change its status to RESOLVED - FIXED If it didn't, then we regret that we weren't able to fix it in Mageia 5. Mageia 5 has officially reached its End of Life on December 31st, 2017 https://blog.mageia.org/en/2017/11/07/mageia-5-eol-postponed/ It only continued to get important security updates since then, because we are waiting for a big Plasma5 update in Mageia 6, that'll fix many of the Mageia 5 => 6 upgrade issues. If you haven't seen that this bug got fixed, then please check whether this bug still exists in Mageia 6. If it does, then please change the Version (near the top, at the left) to "6". If you know it exists in Cauldron, then change Version to Cauldron. If you see it in both Cauldron and Mageia 6, then please set version to Cauldron and add MGA6TOO on the Whiteboard. Thanks, Marja CC:
(none) =>
shlomif I confirm problem exists on mga6 and cauldron mga7 Test procedure: Assuming dovecot is installed and msec has completed its run: 1. click up a root terminal 2. journalctl --no-hostname msec | grep dovecot You should see something like Apr 15 04:04:55 msec[20219]: user=dovenull(970) : home directory is owned by dovecot(971). $ grep dove /etc/passwd dovecot:x:973:964:system user for dovecot:/var/lib/dovecot:/bin/false dovenull:x:972:963:system user for dovecot:/var/lib/dovecot:/bin/false CC:
(none) =>
bittwister2 Thanks, Bit Twister. Reassigning to the new dovecot maintainer. Source RPM:
dovecot-2.1.15-2.mga3.src.rpm msec-0.80.10-13.mga3.src.rpm =>
dovecot, msec It is fixed in mga7/cauldron current dovecot package, now dovenull is in /var/lib/dovenull and an upgrade commande is in place to handle upgrade. Resolution:
(none) =>
FIXED |