[Kolab-devel] [issue1609] "kolab --help" tries to execute *all* commands
T. Ribbrock
kolab-issues at intevation.de
Tue Feb 20 09:57:25 CET 2007
New submission from T. Ribbrock <itsef-admin at brightsight.com>:
kolab 2.1-rc1:
I just tried to run "kolab --help" on our server. First, it seemed to hang after
displaying
[...]
where <command> is one of the following commands:
Then, when I pressed ENTER a couple of times, "kolab" suddenly seemed to execute
*all* commands in a row, starting with adduser:
[...]
where <command> is one of the following commands:
adduser Please specify the firstname:
Please specify the lastname:
Please specify the email address:
Please specify the password:
Please specify the quota (kb):
You must specify a firstname
deluser User not found!
listusers NAME1 at DOM.AIN
NAME2 at DOM.AIN
NAME3 at DOM.AIN
[...]
NAMELAST at DOM.AIN
Can't exec "hostname": No such file or directory at
/kolab/lib/perl/vendor_perl/5.8.7/Kolab.pm line 228.
Can't exec "diff": No such file or directory at
/kolab/lib/perl/vendor_perl/5.8.7/Kolab/Conf.pm line 323.
Use of uninitialized value in scalar chomp at
/kolab/lib/perl/vendor_perl/5.8.7/Kolab/Conf.pm line 324.
Can't exec "diff": No such file or directory at
/kolab/lib/perl/vendor_perl/5.8.7/Kolab/Conf.pm line 323.
[...]
/kolab/bin/openpkg: line 109: sed: command not found
/kolab/bin/openpkg: line 121: sed: command not found
openpkg:ERROR: No such command "rc" found in command path
openpkg:ERROR: ().
openpkg:ERROR: Set ${OPENPKG_TOOLS_CMDPATH} appropriately.
openpkg:ERROR: Run "/kolab/bin/openpkg --help" for list of valid commands.
newconfig kolabconf - Kolab Configuration Generator
Version: 2.0.99
Copyright (c) 2004 Klaraelvdalens Datakonsult AB
Copyright (c) 2003 Code Fusion cc
Copyright (c) 2003 Tassilo Erlewein, Martin Konold, Achim Frank, erfrakon
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
services amavisd
[...]
And so on, and so on.
I remember using this command in the past (it definitely worked in 2.0.4, but I
can't remember about 2.1beta2). I had a quick glance at the command itself (a
shell script), but couldn't see any obvious things. I also compared the script
to the one from 2.1-beta2 and they are identical, so either the problem existed
then already or there is something else.
Given that I cannot assess how much damage this could do (it certainly LOOKS
dangerous to me), I rate this as critical, as a "--help" should *never* do
anything like this.
----------
messages: 9666
nosy: itsef_admin
priority: critical
status: unread
title: "kolab --help" tries to execute *all* commands
topic: kolab-2.1, server
________________________________________________
Kolab issue tracker <kolab-issues at intevation.de>
<https://intevation.de/roundup/kolab/issue1609>
________________________________________________
More information about the devel
mailing list