popt warning

[Elan Ruusamäe]

On 23.02.2016 19:42, Jeff Johnson wrote:
> On Feb 22, 2016, at 5:23 PM, Elan Ruusamäe wrote:
>
>> sometimes i see such message when building packages:
>>
>> warning: existing POPT configuration file "/usr/lib/rpm/rpmpopt:/usr/lib/rpm/%{_target}/rpmpopt:/etc/rpm/rpmpopt.*:/etc/rpm/rpm
>> popt:/etc/rpm/%{_target}/rpmpopt:~/.rpmpopt" considered INSECURE -- not loaded
>>
>> not always, i.e building same package i sometimes see this and sometimes do not.
>> rpm-5.4.15-31.x86_64
>>
>> any ideas what this is about?
> The intent is/was to have poptSaneFile() check permissions on files being read
> (non-zero is an error). The mechanism is dependent on adding a leading '@'
> to a file path.
>
> int poptSaneFile(const char * fn)
> {
>      struct stat sb;
>      uid_t uid = getuid();
>
>      if (stat(fn, &sb) == -1)
>          return 1;
>      if ((uid_t)sb.st_uid != uid)
>          return 0;
>      if (!S_ISREG(sb.st_mode))
>          return 0;
>      if (sb.st_mode & (S_IWGRP|S_IWOTH))
>          return 0;
>      return 1;
> }
>
> There may be other returns (from failure to read a file) in poptReadFile() that may trigger the message.

so, any of those files should be group or other writable to produce the 
warning...


➔ for a in $(rpm -E 
/usr/lib/rpm/rpmpopt:/usr/lib/rpm/%{_target}/rpmpopt:/etc/rpm/rpmpopt.*:/etc/rpm/rpmpopt:/etc/rpm/%{_target}/rpmpopt:~/.rpmpopt|tr 
':' ' '); do ls -ld $a; done
-rw-r--r-- 1 root root 20977 29. nov   14:30 /usr/lib/rpm/rpmpopt
ls: cannot access '/usr/lib/rpm/x86_64-linux/rpmpopt': No such file or 
directory
ls: cannot access '/etc/rpm/rpmpopt.*': No such file or directory
ls: cannot access '/etc/rpm/rpmpopt': No such file or directory
ls: cannot access '/etc/rpm/x86_64-linux/rpmpopt': No such file or directory
ls: cannot access '~/.rpmpopt': No such file or directory

➔



-- 
glen