[openvas-development] Notification from openvas-core

[Flyspray]

THIS IS AN AUTOMATED MESSAGE, DO NOT REPLY.

The following task has been changed.  The new details are below.  For
full information about what has changed, visit the URL and click the
History tab.

FS#3 - Improper use of localstatedir
User who did this: - Tim Brown (timb)

Attached to Project - openvas-core
Summary - Improper use of localstatedir
Task Type - Bug Report
Category - Build
Status - New
Assigned To - 
Operating System - All
Severity - Low
Priority - Normal
Reported Version - CVS-timb
Due in Version - 
Due Date - Undecided
Percent Complete - 0%
Details - There seems to me a consistant misuse of autoconf
"localstatedir" variable. It is traditionally seen that localstatedir
be $prefix/var if not supplied. In the following example from
nessus-adduser.in there are two issues. One being that if $localstate
dir was $prefix/var  then this would create $prefix/var/lib/nesuss.
And the second being that nessus-adduser.in is broken. If in this case
the auth type is "pass" and MD5 is not present, it will make an auth
password in an entirely different tree then if it did have MD5

        echo $H $SEED >
"$localstatedir/lib/nessus/users/$login/auth/hash"
    else
        echo "$password" >
"$localstatedir/nessus/users/$login/auth/password"


More information can be found at the following URL:
http://bugs.openvas.org/?do=details&id=3

You are receiving this message because you have requested it from the
Flyspray bugtracking system.  You can be removed from future
notifications by visiting the URL shown above.