Package: tkdesk
Version: 1.2-3

The tkdesk file browser will cause an instant crash of tkdesk if it
the user tries to open a directory that is owned by a user not listed in
/etc/passwd.

For instance, I apt-get source linuxlogo  in /usr/src. The ownership of
the resulting directory is 501.users. There is no user on the system
corresponding to 501 in /etc/passwd. Trying to open/read that directory
with the browser results in tkdesk crashing.

Another user suggested that tkdesk may not be checking the return value
of a lookup on the passwd database and then tries to dereference a
pointer that has no data (NULL).

"Eric G . Miller" <egm2@jps.net> writes:

I can't reproduce this; I have a directory in /tmp that's owned like
this:
cush:/tmp$ ls -lR foo
foo:
total 1
drwxr-xr-x    3 509      martind      1024 Feb 14 10:16 bar/

foo/bar:
total 1
drwxr-xr-x    2 501      martind      1024 Feb 14 10:16 baz/

foo/bar/baz:
total 0

And I can open up baz just fine.  I even went and did an apt-get
source of linuxlogo (and incidentally, it's probably generally a good
idea to not run apt-get source as root, since you don't need to), and
I can view all of those directories just fine, even though most of
them are owned by 501.users.  I've also inspected the parts in tkdesk
that use getpw* functions (it's isolated in one file), and it checks
for that null pointer.

Could you send me a core dump, or at least the result of an strace on
tkdesk that shows this crash?  (to get a good strace, I suggest you
stop tkdesk and restart it with
strace -f -ostrace.out tkdesksh /usr/bin/X11/tkdesk
and then procede to just opening the browser window to the directory
that causes it to crash and burn)