Ubuntu
slack package

prerm will rm -rf / when /etc/slack.conf is empty

Bug #255819 reported by Andrew Pollock on 2008-08-07

	Status	Importance	Assigned to
slack (Ubuntu)	Fix Released	Critical	Luca Falavigna
Hardy	Fix Released	Critical	Luca Falavigna
Intrepid	Fix Released	Critical	Luca Falavigna

Bug Description

Binary package hint: slack

Hi,

I've just fixed a rather severe issue with the prerm in slack, where if /etc/slack.conf is empty, it'll do an rm -rf on /

Attached is a debdiff for a fixed version.

TEST CASE

PROCEDURE:
  IMPORTANT: Test this on a virtual machine or in a pbuilder, THIS WILL DELETE ALL YOUR DATA!
  Install slack binary package
  Run ": > /etc/slack.conf" command
  Remove slack package

RESULT ON PASS:
Package should remove correctly

RESULT ON FAIL:
rm -fr / will be executed as root

END TEST CASE

See original description

Tags:

Related branches

lp:ubuntu/hardy-proposed/slack

Revision history for this message

Andrew Pollock (apollock) wrote on 2008-08-07:

debdiff between 0.15.2-2 and 0.15.2-3 Edit (1.4 KiB, text/plain)

Revision history for this message

Andrew Pollock (apollock) wrote on 2008-08-07:

Steps to reproduce:

(as root)

: > /etc/slack.conf
dpkg --purge slack

Revision history for this message

Andrew Pollock (apollock) wrote on 2008-08-07:

Meh, please disregard the current debdiff (for Hardy), I'll prepare a new one shortly against the version in Hardy.

Revision history for this message

Andrew Pollock (apollock) wrote on 2008-08-07:

debdiff between 0.14.1-2 and 0.14.1-2ubuntu1 Edit (1.1 KiB, text/plain)

Here's an appropriate debdiff for Hardy.

Revision history for this message

Luca Falavigna (dktrkranz) wrote on 2008-08-07:

This is *definitely* SRU-worthy!
Intrepid will be fixed when bug #255833 will be closed by syncing packages from Debian unstable.

Changed in slack:
assignee:	nobody → dktrkranz
importance:	Undecided → Critical
status:	New → In Progress
assignee:	nobody → dktrkranz
importance:	Undecided → Critical
status:	New → Confirmed

Revision history for this message

Luca Falavigna (dktrkranz) wrote on 2008-08-07:

slack_0.14.1-2ubuntu1.debdiff Edit (1.4 KiB, text/plain)

Andrew, thank you so much! I uploaded an ajusted version of your debdiff to hardy-proposed as 0.14.1-2ubuntu1.

Luca Falavigna (dktrkranz) on 2008-08-07

description:

updated

Luca Falavigna (dktrkranz) on 2008-08-08

Changed in slack:
status:	In Progress → Fix Released

Revision history for this message

Martin Pitt (pitti) wrote on 2008-08-08:

Accepted into -proposed, please test and give feedback here. Please see https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you in advance!

Changed in slack:
status:	Confirmed → Fix Committed

Revision history for this message

Cesare Tirabassi (norsetto) wrote on 2008-08-08:

Confirming the problem with current hardy package.
The package from -updates can be purged without side effects:

root@norsetto:/# : > /etc/slack.conf
root@norsetto:/# dpkg --purge slack
(Reading database ... 12468 files and directories currently installed.)
Removing slack ...
Purging configuration files for slack ...
root@norsetto:/#

Revision history for this message

Martin Pitt (pitti) wrote on 2008-09-01:

Copied to hardy-updates.

Changed in slack:
status:	Fix Committed → Fix Released

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Patches

Add patch

Remote bug watches

Bug watches keep track of this bug in other bug trackers.

Ubuntuslack package

prerm will rm -rf / when /etc/slack.conf is empty

Bug Description

Related branches

Other bug subscribers

Patches

Remote bug watches

Ubuntu
slack package