RHBA-2008:0130 - Bug Fix Advisory

Topic

An updated setup package that fixes several bugs and adds an enhancement is
now available.

Description

The setup package contains a set of important system configuration and
setup files, such as passwd, group, and profile.

This updated package fixes the following bugs:

• when tcsh was the default shell, the behavior differed from that of the

bash shell, with regards to login and interactive shells. The
"/etc/profile.d/*.csh" scripts were sourced from "/etc/csh.cshrc", which
caused all "/etc/profile.d/*.csh" scripts to be executed for all tcsh
shells, instead of only interactive shells. In this updated package, the
"/etc/profile.d/*.csh" scripts are sourced from "/etc/csh.login", and
"/etc/csh.cshrc" for interactive shells, which resolves this issue.

• when using tcsh as the default shell, the "less" command broke when a

startup script produced output. For example, if a "/etc/profile.d/*.csh"
script contained the "echo test" command, then, after start up, running the
"less /etc/hosts" command returned the "test" output, instead of the
"/etc/hosts" file. In this updated package, the "/etc/profile.d/*.csh"
scripts are sourced from "/etc/csh.login", and "/etc/csh.cshrc" for
interactive shells, which resolves this issue.

• the entry for the "news" user did not contain a login shell. This allowed

a password to be set, and would permit users to log in using this account.
In this updated package, the login shell for the "news" user is correctly
set to "/sbin/nologin". Note: this only affects new installations, or
installations where the inn package (InterNetNews) will be installed after
applying this update.

As well, this updated package adds the following enhancement:

• the documentation in the "/etc/hosts.allow" and "/etc/hosts.deny" files

was outdated, and in some cases, misleading. In this updated package, the
documentation in these files has been updated, which adds more information
and clearer instructions regarding their use.

Users of setup are advised to upgrade to this updated package, which
resolves these issues and adds this enhancement.

Solution

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/FAQ_58_10188

Affected Products

• Red Hat Enterprise Linux Server 4 x86_64
• Red Hat Enterprise Linux Server 4 ia64
• Red Hat Enterprise Linux Server 4 i386
• Red Hat Enterprise Linux Workstation 4 x86_64
• Red Hat Enterprise Linux Workstation 4 ia64
• Red Hat Enterprise Linux Workstation 4 i386
• Red Hat Enterprise Linux Desktop 4 x86_64
• Red Hat Enterprise Linux Desktop 4 i386
• Red Hat Enterprise Linux for IBM z Systems 4 s390x
• Red Hat Enterprise Linux for IBM z Systems 4 s390
• Red Hat Enterprise Linux for Power, big endian 4 ppc

Fixes

• BZ - 157053 - Picky: Slightly more info in /etc/hosts.allow and /etc/hosts.deny
• BZ - 191233 - make tcsh behave like bash
• BZ - 202468 - less breaks if its startup script outputs anything
• BZ - 229472 - news account has no login shell

CVEs

(none)

References

(none)