Installing memcached package creates /nonexistent

Bug #1255328 reported by Dustin Lundquist
8
This bug affects 1 person
Affects Status Importance Assigned to Milestone
memcached (Ubuntu)
Fix Released
Medium
Unassigned

Bug Description

memcached package creates /nonexistant which should not exist:

[dustin@lilthing ~]$ ls /
bin boot cdrom dev etc home initrd.img initrd.img.old lib lib64 lost+found media mnt opt proc root run sbin srv sys tmp usr var vmlinuz vmlinuz.old
[dustin@lilthing ~]$ sudo apt-get install memcached
Reading package lists... Done
Building dependency tree
Reading state information... Done
Suggested packages:
  libcache-memcached-perl libmemcached
The following NEW packages will be installed:
  memcached
0 upgraded, 1 newly installed, 0 to remove and 0 not upgraded.
Need to get 0 B/76.3 kB of archives.
After this operation, 228 kB of additional disk space will be used.
Selecting previously unselected package memcached.
(Reading database ... 243247 files and directories currently installed.)
Unpacking memcached (from .../memcached_1.4.14-0ubuntu4_amd64.deb) ...
Processing triggers for man-db ...
Processing triggers for ureadahead ...
Setting up memcached (1.4.14-0ubuntu4) ...
Starting memcached: memcached.
Processing triggers for ureadahead ...
[dustin@lilthing ~]$ ls /
bin boot cdrom dev etc home initrd.img initrd.img.old lib lib64 lost+found media mnt nonexistent opt proc root run sbin srv sys tmp usr var vmlinuz vmlinuz.old

ProblemType: Bug
DistroRelease: Ubuntu 13.10
Package: memcached 1.4.14-0ubuntu4
ProcVersionSignature: Ubuntu 3.11.0-13.20-generic 3.11.6
Uname: Linux 3.11.0-13-generic x86_64
ApportVersion: 2.12.5-0ubuntu2.1
Architecture: amd64
Date: Tue Nov 26 14:08:48 2013
EcryptfsInUse: Yes
InstallationDate: Installed on 2013-10-08 (49 days ago)
InstallationMedia: Ubuntu 13.10 "Saucy Salamander" - Beta amd64 (20130925.1)
MarkForUpload: True
SourcePackage: memcached
UpgradeStatus: No upgrade log present (probably fresh install)

CVE References

Revision history for this message
Dustin Lundquist (dlundquist) wrote :
Revision history for this message
Dustin Lundquist (dlundquist) wrote :
description: updated
Revision history for this message
Ubuntu Foundations Team Bug Bot (crichton) wrote :

The attachment "memcached-no-create-home.patch" seems to be a patch. If it isn't, please remove the "patch" flag from the attachment, remove the "patch" tag, and if you are a member of the ~ubuntu-reviewers, unsubscribe the team.

[This is an automated message performed by a Launchpad user owned by ~brian-murray, for any issues please contact him.]

tags: added: patch
Revision history for this message
Yolanda Robla (yolanda.robla) wrote :

Tested with saucy, same memcached version, and that directory is created.

Changed in memcached (Ubuntu):
status: New → Confirmed
importance: Undecided → Medium
Revision history for this message
Dustin Lundquist (dlundquist) wrote :

Checked upstream Debian package (memcached_1.4.13-0.2), it does not create a memcached user and does not exhibit this problem.

Revision history for this message
Dustin Lundquist (dlundquist) wrote :

Tested with trusty, still creates /nonexistant on install.

tags: added: trusty
summary: - Memcached package creates /nonexistent/
+ Installing memcached package creates /nonexistent
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package memcached - 1.4.14-0ubuntu9

---------------
memcached (1.4.14-0ubuntu9) trusty; urgency=low

  * SECURITY UPDATE: denial of service via large body length
    - debian/patches/CVE-2011-4971.patch: check length in memcached.c,
      added test to t/issue_192.t.
    - CVE-2011-4971
  * SECURITY UPDATE: denial of service when using -vv
    - debian/patches/CVE-2013-0179.patch: properly format key in items.c,
      memcached.c.
    - CVE-2013-0179
  * SECURITY UPDATE: SASL authentication bypass
    - debian/patches/CVE-2013-7239.patch: explicitly record sasl auth
      states in memcached.*, added test to t/binary-sasl.t.
    - CVE-2013-7239
  * debian/memcached.postinst: don't create home directory so we don't end
    up with /nonexistent. Thanks to Dustin Lundquist for patch.
    (LP: #1255328)
 -- Marc Deslauriers <email address hidden> Mon, 13 Jan 2014 15:48:48 -0500

Changed in memcached (Ubuntu):
status: Confirmed → Fix Released
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.