Bug#597704: marked as done (On upgrade to 2.4.23-5 an rm -f /* has been executed and crashed my whole system!)

Debian Bug Tracking System Thu, 23 Sep 2010 02:18:25 -0700

Your message dated Thu, 23 Sep 2010 09:17:22 +0000
with message-id <e1oyhve-0005c3...@franck.debian.org>
and subject line Bug#597704: fixed in openldap 2.4.23-6
has caused the Debian Bug report #597704,
regarding On upgrade to 2.4.23-5 an rm -f /* has been executed and crashed my 
whole system!
to be marked as done.


This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
597704: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=597704
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

--- Begin Message ---

Package: slapd
Version: 2.4.23-5
Severity: critical

After the last upgrade of slapd my complete sytem was unusable because
the update ran a rm -f /*.

this fortunatly was not able to delete the directory bin, sbin, home,
var, ... but it deleted the symlink lib64 -> lib (amd64 system) and then
the linker was not able to find some libraries so the system was
unusable. I was able to recover the link by boot cd, so I think I did
not lose any data.

Background: I installed slapd on my desktop for testing with
ldapbackend. I just did a straight installation of slapd but I changed
slapd.conf afterwards to use the ldap-backend.
During the upgrade either slapd.config or slapd.postinst failed and
tried to delete the database directory but since my slapd.conf did not
contain any directory statement any more get_directory returned nothing
and $dbdir was emtpy. So instead of rm -f "$dbdir"/* it ran  rm -f /*!

Please add a test that checks if $dbdir has any value!

Btw: I think rm -f "$dbdir"/* can run into MAX_ARGS. maybe using find
.... -delete would be better



-- System Information:
Debian Release: squeeze/sid
  APT prefers testing
  APT policy: (990, 'testing'), (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.34-1-amd64 (SMP w/2 CPU cores)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages slapd depends on:
ii  adduser                   3.112          add and remove users and groups
ii  coreutils                 8.5-1          GNU core utilities
ii  debconf [debconf-2.0]     1.5.35         Debian configuration management sy
ii  libc6                     2.11.2-5       Embedded GNU C Library: Shared lib
ii  libdb4.8                  4.8.30-2       Berkeley v4.8 Database Libraries [
ii  libgnutls26               2.8.6-1        the GNU TLS library - runtime libr
ii  libldap-2.4-2             2.4.23-5       OpenLDAP libraries
ii  libltdl7                  2.2.6b-2       A system independent dlopen wrappe
ii  libperl5.10               5.10.1-14      shared Perl library
ii  libsasl2-2                2.1.23.dfsg1-6 Cyrus SASL - authentication abstra
ii  libslp1                   1.2.1-7.8      OpenSLP libraries
ii  libwrap0                  7.6.q-19       Wietse Venema's TCP wrappers libra
ii  lsb-base                  3.2-23.1       Linux Standard Base 3.2 init scrip
ii  perl [libmime-base64-perl 5.10.1-14      Larry Wall's Practical Extraction 
ii  psmisc                    22.11-1        utilities that use the proc file s
ii  unixodbc                  2.2.14p2-1     ODBC tools libraries

Versions of packages slapd recommends:
ii  libsasl2-modules          2.1.23.dfsg1-6 Cyrus SASL - pluggable authenticat

Versions of packages slapd suggests:
ii  ldap-utils                    2.4.23-5   OpenLDAP utilities
-

Besuchen Sie unsere neue Website. Visit our new website.

http://www.BERCHTOLD.biz



Diese E-Mail kann vertrauliche Informationen enthalten. Wenn Sie nicht der

Adressat sind, sind Sie nicht zur Verwendung der in dieser E-Mail

enthaltenen Informationen befugt. Bitte benachrichtigen Sie uns sofort ueber

den irrtuemlichen Empfang.



This e-mail may contain confidential information. If you are not the

addressee you are not authorized to make use of the information contained

in this e-mail. Please inform us immediately that you have received it by

mistake.

--- End Message ---

--- Begin Message ---

Source: openldap
Source-Version: 2.4.23-6

We believe that the bug you reported is fixed in the latest version of
openldap, which is due to be installed in the Debian FTP archive:

ldap-utils_2.4.23-6_amd64.deb
  to main/o/openldap/ldap-utils_2.4.23-6_amd64.deb
libldap-2.4-2-dbg_2.4.23-6_amd64.deb
  to main/o/openldap/libldap-2.4-2-dbg_2.4.23-6_amd64.deb
libldap-2.4-2_2.4.23-6_amd64.deb
  to main/o/openldap/libldap-2.4-2_2.4.23-6_amd64.deb
libldap2-dev_2.4.23-6_amd64.deb
  to main/o/openldap/libldap2-dev_2.4.23-6_amd64.deb
openldap_2.4.23-6.diff.gz
  to main/o/openldap/openldap_2.4.23-6.diff.gz
openldap_2.4.23-6.dsc
  to main/o/openldap/openldap_2.4.23-6.dsc
slapd-dbg_2.4.23-6_amd64.deb
  to main/o/openldap/slapd-dbg_2.4.23-6_amd64.deb
slapd-smbk5pwd_2.4.23-6_amd64.deb
  to main/o/openldap/slapd-smbk5pwd_2.4.23-6_amd64.deb
slapd_2.4.23-6_amd64.deb
  to main/o/openldap/slapd_2.4.23-6_amd64.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 597...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Matthijs Mohlmann <matth...@cacholong.nl> (supplier of updated openldap package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Thu, 23 Sep 2010 10:17:50 +0200
Source: openldap
Binary: slapd slapd-smbk5pwd ldap-utils libldap-2.4-2 libldap-2.4-2-dbg 
libldap2-dev slapd-dbg
Architecture: source amd64
Version: 2.4.23-6
Distribution: unstable
Urgency: high
Maintainer: Debian OpenLDAP Maintainers 
<pkg-openldap-de...@lists.alioth.debian.org>
Changed-By: Matthijs Mohlmann <matth...@cacholong.nl>
Description: 
 ldap-utils - OpenLDAP utilities
 libldap-2.4-2 - OpenLDAP libraries
 libldap-2.4-2-dbg - Debugging information for OpenLDAP libraries
 libldap2-dev - OpenLDAP development libraries
 slapd      - OpenLDAP server (slapd)
 slapd-dbg  - Debugging information for the OpenLDAP server (slapd)
 slapd-smbk5pwd - Keeps Samba and Kerberos passwords in sync within slapd.
Closes: 597704
Changes: 
 openldap (2.4.23-6) unstable; urgency=high
 .
   * Check for an empty directory to prevent an rm -f /*. (Closes: #597704)
Checksums-Sha1: 
 0d8d76e3a3a350efac7831284c973a865daa0178 1862 openldap_2.4.23-6.dsc
 1d7b2bd179e4685b0d3c5a5fe0f27d85a11358eb 153478 openldap_2.4.23-6.diff.gz
 bd0cfcf8814a470ae58c090f27d4f130551c5b58 1585866 slapd_2.4.23-6_amd64.deb
 a49948122162c94867532064c6b729e05beccd92 57790 
slapd-smbk5pwd_2.4.23-6_amd64.deb
 a1fa3f2d840d3ddf23683a254ee53018f312d1bd 327966 ldap-utils_2.4.23-6_amd64.deb
 f00b197a383192ba30ee5590ff3fb9dc85efd1d0 209660 
libldap-2.4-2_2.4.23-6_amd64.deb
 a4dfabfd08d953b230078f9ea9bc54dc2b9e8161 306490 
libldap-2.4-2-dbg_2.4.23-6_amd64.deb
 2eef12973f42ab69c2e10e3f1a163ab04af47e08 912784 libldap2-dev_2.4.23-6_amd64.deb
 170fba34275399d2641440ccd68fa020df0ab567 4028778 slapd-dbg_2.4.23-6_amd64.deb
Checksums-Sha256: 
 480fcf1806ef60794a07b7109e2cde10844b5a623622918ba90cd7aee8f5a799 1862 
openldap_2.4.23-6.dsc
 196b073aa62c23ccc890c4ca480999f7541e95b016a1217a292f72685baa6e6f 153478 
openldap_2.4.23-6.diff.gz
 43b340eb19b9c400361c36e006f50d5f6ee32aa8ad63b0baaf1b2d9a4776e657 1585866 
slapd_2.4.23-6_amd64.deb
 448ffcf50b793f52b07343b882236da92f32272b0e927b71a9033a2c17dae13e 57790 
slapd-smbk5pwd_2.4.23-6_amd64.deb
 a33b5b19166f589708bb81931e12b35753c693eba7fa4994514d3973a1e05d09 327966 
ldap-utils_2.4.23-6_amd64.deb
 fe08218dc5ded865387fc11497b30dab0d27362752e17904473c3196ff7ae16c 209660 
libldap-2.4-2_2.4.23-6_amd64.deb
 783dfe57b3be4a85febff2e8bcd009c0ef86a65b20b5a4c8bac8e42da86b6176 306490 
libldap-2.4-2-dbg_2.4.23-6_amd64.deb
 a25cd31a46fd03a4add400997c99700e6332f29bd9ac88da5d45f0c10a0deb76 912784 
libldap2-dev_2.4.23-6_amd64.deb
 b19dace737f1d7a23ab15a730a1627ecafde9e2f422e37bc499e7b86bbb953f0 4028778 
slapd-dbg_2.4.23-6_amd64.deb
Files: 
 995ed047db1d03938b018c07f3c6b72d 1862 net optional openldap_2.4.23-6.dsc
 c338cd5f866e84c39fdc73907926579a 153478 net optional openldap_2.4.23-6.diff.gz
 4f95d02c362187bc2d4923de35e8be7a 1585866 net optional slapd_2.4.23-6_amd64.deb
 e80900f18114bde9e67e28b797e042c6 57790 net extra 
slapd-smbk5pwd_2.4.23-6_amd64.deb
 3901d01542902883d688a3a77d3c4fe6 327966 net optional 
ldap-utils_2.4.23-6_amd64.deb
 5473111d363455a31b0e61e3bcabaaac 209660 libs standard 
libldap-2.4-2_2.4.23-6_amd64.deb
 c2980cceaa65f0550d15e8153f409acb 306490 debug extra 
libldap-2.4-2-dbg_2.4.23-6_amd64.deb
 2d6142fdf82a45f8a532c4e855052ed8 912784 libdevel extra 
libldap2-dev_2.4.23-6_amd64.deb
 26489c62bddec14464c93b6e2b9bb4e3 4028778 debug extra 
slapd-dbg_2.4.23-6_amd64.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)

iEYEARECAAYFAkybFmUACgkQ2n1ROIkXqbBnlwCgroTCYQTm5ka8mz6M5N++/gau
HR4AniNB4UpAv0eZiCHTpv+SMP1B+RPQ
=pP7n
-----END PGP SIGNATURE-----

--- End Message ---

Bug#597704: marked as done (On upgrade to 2.4.23-5 an rm -f /* has been executed and crashed my whole system!)

Reply via email to