aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorFlorian Dold <florian@dold.me>2021-07-31 16:47:33 +0200
committerFlorian Dold <florian@dold.me>2021-07-31 16:48:48 +0200
commit9b3442d2f84759594dbec7f8231d750fad649372 (patch)
tree138f1526026e23c87391162253fb3e08c7d3813c
parent532a51b7251bae27d4b0fb0b551f3c896a0dc50c (diff)
downloadgnunet-9b3442d2f84759594dbec7f8231d750fad649372.tar.gz
gnunet-9b3442d2f84759594dbec7f8231d750fad649372.zip
debian: Do not remove users/groups in postrm
Doing so is dangerous (UID/GID recycling!) from a security point of view. It should *never* be done automatically.
-rw-r--r--debian/changelog6
-rw-r--r--debian/gnunet.postrm24
2 files changed, 6 insertions, 24 deletions
diff --git a/debian/changelog b/debian/changelog
index 516530fbb..f8cb6ac6f 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,9 @@
1gnunet (0.14.1-10) unstable; urgency=low
2
3 * Do not remove users/groups in postrm.
4
5 -- Florian Dold <florian@dold.me> Sat, 31 Jul 2021 16:46:13 +0200
6
1gnunet (0.14.1-9) unstable; urgency=low 7gnunet (0.14.1-9) unstable; urgency=low
2 8
3 * Fix some bugs in configuration file parsing. 9 * Fix some bugs in configuration file parsing.
diff --git a/debian/gnunet.postrm b/debian/gnunet.postrm
index 2c3887202..93dac87d1 100644
--- a/debian/gnunet.postrm
+++ b/debian/gnunet.postrm
@@ -2,19 +2,6 @@
2 2
3set -e 3set -e
4 4
5pathfind() {
6 OLDIFS="$IFS"
7 IFS=:
8 for p in $PATH; do
9 if [ -x "$p/$*" ]; then
10 IFS="$OLDIFS"
11 return 0
12 fi
13 done
14 IFS="$OLDIFS"
15 return 1
16}
17
18remove_gns() { 5remove_gns() {
19 # abort if /etc/nsswitch.conf does not exist 6 # abort if /etc/nsswitch.conf does not exist
20 if ! [ -e /etc/nsswitch.conf ]; then 7 if ! [ -e /etc/nsswitch.conf ]; then
@@ -66,17 +53,6 @@ case "${1}" in
66 remove_gns 53 remove_gns
67 fi 54 fi
68 55
69 if pathfind deluser
70 then
71 deluser --quiet --system ${_USERNAME} || true
72 fi
73
74 if pathfind delgroup
75 then
76 delgroup --quiet --system --only-if-empty ${_GROUPNAME} || true
77 delgroup --quiet --system --only-if-empty ${GNUNETDNS_GROUP} || true
78 fi
79
80 rm -rf /var/log/gnunet.log /var/lib/gnunet /etc/default/gnunet 56 rm -rf /var/log/gnunet.log /var/lib/gnunet /etc/default/gnunet
81 ;; 57 ;;
82 58