Microsoft fixed yesterday a faulty Debian package that was messing with users’ OS settings during its installation routine.
The faulty package that was causing all the problems was Open R v3.5. Open R is an enhanced version of the R programming language maintained by Microsoft.
According to Norbert Preining, a mathematician living in Japan, version 3.5 of Microsoft’s Debian package for Open R contained an unsafe install and uninstall scripts that modified system-wide settings, a big no-no in the realm of Linux packages.
Faulty package relinked Bash
The faulty package forcibly relinked /bin/sh to /bin/bash, which would be an issue if users had relinked /bin/sh to another shell such as dash, resulting in overwriting the user’s local settings.
Furthermore, the package also forcibly removed /usr/bin/R and /usr/bin/Rscript without checking whether this was the path of the R language version the package was supposed to operate with. This would be an issue as well, if the user had installed different versions of the R language on the same PC.
Preining informed the Microsoft team of the issues on Monday via the company’s forum. The Microsoft R team released a hotfix yesterday. The hotfix has been incorporated in the Open R Debian package. The version number remained the same, meaning users will have to re-download and install the package.
“While we work hard to be a good steward in all the open source communities we participate in, this one did not stand up to the community’s or our high expectations,” a Microsoft spokesperson said.
“We have put processes in place to help us fix things like this as soon as they are discovered (this issue was identified in 2016 but wasn’t fixed) and named individuals have been identified to monitor and address any issues as soon as possible. We are lucky at Microsoft to have many experienced Linux contributors at our company, and we will do better at getting their input going forward,” Microsoft added.
Microsoft is single largest contributor to open source on GitHub . According to GitHub, Microsoft has the largest open source community in the entire world with Visual Studio Code. if this is a surprise, you weren’t paying attention 😉 #msbuild
— Mary Branscombe (@marypcbuk) May 7, 2018