[Bug 900496] [NEW] dovecot-core installation fails because "start" is used from PATH
teamnoir
900496 at bugs.launchpad.net
Mon Dec 5 21:35:15 UTC 2011
*** This bug is a security vulnerability ***
Public security bug reported:
precise pangolin alpha 1.
When installing dovecot-core, the installation fails when the service is
started because I already have a program called "start" in my PATH.
I suspect that /etc/init.d/dovecot should call "start" either using an
absolute path or by calling initctl directly.
I believe this bug also constitutes a security vulnerability.
rich at bear> ls -las /sbin/start
0 lrwxrwxrwx 1 root root 7 Oct 26 22:17 /sbin/start -> initctl
rich at bear> type start
start is /home/rich/local/independent/start
rich at bear> lsb_release -rcd
Description: Ubuntu precise (development branch)
Release: 12.04
Codename: precise
rich at bear> apt-cache policy dovecot-core
dovecot-core:
Installed: 1:2.0.15-1ubuntu4
Candidate: 1:2.0.15-1ubuntu4
Version table:
*** 1:2.0.15-1ubuntu4 0
500 http://us.archive.ubuntu.com/ubuntu/ precise/main amd64 Packages
100 /var/lib/dpkg/status
** Affects: dovecot (Ubuntu)
Importance: Undecided
Status: New
** Tags: distribution-upgrade
** Visibility changed to: Public
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to dovecot in Ubuntu.
https://bugs.launchpad.net/bugs/900496
Title:
dovecot-core installation fails because "start" is used from PATH
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/dovecot/+bug/900496/+subscriptions
More information about the Ubuntu-server-bugs
mailing list