Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-8502

debian packaging postinst follows symlinks and chowns system files


    • Icon: Bug Bug
    • Resolution: Fixed
    • Icon: Major Major
    • other
    • None
    • Debian or Ubuntu using .debs provided by hudson labs.

      The hudson debian package postinst script has a find command which chowns files in /var/lib/hudson to the hudson user. The find command as currently written follows symlinks, which means if there are symlinks to system files (like are frequently found in python virtualenv build environments), the dpkg process, which runs as root, winds up chowning files in system locations (like /usr/lib/python) to be owned by hudson.

      This is obviously uncool.

      I've got a patch which fixes it - will submit a pull request in just a sec.

            sdirector Monty Taylor
            sdirector Monty Taylor
            0 Vote for this issue
            0 Start watching this issue