[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#254068: marked as done (base-config log should not be world readable)

Your message dated Sat, 09 Jul 2005 09:32:03 -0400
with message-id <E1DrFR5-000817-00@newraff.debian.org>
and subject line Bug#254068: fixed in base-config 2.68
has caused the attached Bug report to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere.  Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)

--------------------------------------
Received: (at submit) by bugs.debian.org; 12 Jun 2004 19:06:53 +0000
>From vassilii@math.bgu.ac.il Sat Jun 12 12:06:53 2004
Return-path: <vassilii@math.bgu.ac.il>
Received: from mxout3.netvision.net.il [194.90.9.24] 
	by spohr.debian.org with esmtp (Exim 3.35 1 (Debian))
	id 1BZDq4-0001jG-00; Sat, 12 Jun 2004 12:06:48 -0700
Received: from Ilmarinen ([217.132.6.13]) by mxout3.netvision.net.il
 (iPlanet Messaging Server 5.2 HotFix 1.21 (built Sep  8 2003))
 with ESMTP id <0HZ700EPNME67L@mxout3.netvision.net.il> for
 submit@bugs.debian.org; Sat, 12 Jun 2004 22:06:06 +0300 (IDT)
Received: from vassilii by Ilmarinen with local (Exim 4.32)
	id 1BZDpN-0002DG-RM; Sat, 12 Jun 2004 22:06:05 +0300
Date: Sat, 12 Jun 2004 22:06:05 +0300
From: Vassilii Khachaturov <vassilii@tarunz.org>
Subject: base-config log should not be world readable
Sender: Vassilii Khachaturov <vassilii@math.bgu.ac.il>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Message-id: <E1BZDpN-0002DG-RM@Ilmarinen>
MIME-version: 1.0
X-Mailer: reportbug 2.61
Content-type: text/plain; charset=us-ascii
Content-transfer-encoding: 7BIT
Delivered-To: submit@bugs.debian.org
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2004_03_25 
	(1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Status: No, hits=-8.0 required=4.0 tests=BAYES_00,HAS_PACKAGE 
	autolearn=no version=2.60-bugs.debian.org_2004_03_25
X-Spam-Level: 

Package: base-config
Version: 2.25
Severity: normal
Tags: security

I believe that the base-config logs should not be world readable.
Some of the packages ask for passwords that are echoed back during
the configuration (e.g. pppoeconf), albeit stored later in files
not readable by the world.

-- System Information:
Debian Release: testing/unstable
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: i386 (i686)
Kernel: Linux 2.4.25-1-686
Locale: LANG=ru_RU.KOI8-R, LC_CTYPE=ru_RU.KOI8-R

Versions of packages base-config depends on:
ii  adduser                 3.56             Add and remove users and groups
ii  apt                     0.5.25           Advanced front-end for dpkg
ii  aptitude                0.2.14-3         curses-based apt frontend
ii  bsdutils                1:2.12-3         Basic utilities from 4.4BSD-Lite
ii  console-data            2002.12.04dbs-40 Keymaps, fonts, charset maps, fall
ii  console-tools           1:0.2.3dbs-52    Linux console and font utilities
ii  debconf                 1.4.25           Debian configuration management sy
ii  debianutils             2.8.2            Miscellaneous utilities specific t
ii  gettext-base            0.14.1-2         GNU Internationalization utilities
ii  passwd                  1:4.0.3-28.3     Change and administer password and

-- debconf information:
  tzconfig/choose_country_zone_single: true
  base-config/menu/mta: 
  tzconfig/select_zone: 
  tzconfig/verify_choices: true
  tzconfig/choose_country_zone/BR: East
* base-config/intro: 
  apt-setup/security-updates: true
  apt-setup/another: false
  mirror/distribution: testing
  base-config/title: 
  base-config/menu/finish: 
  debian-installer/language: en
* apt-setup/mirror: ftp.freenet.de
  base-config/start-display-manager: true
  base-config/menu/apt-setup: 
  base-config/menu/keyboard: 
  tzconfig/title: 
  debian-installer/country: US
  apt-setup/directory: /pub/ftp.debian.org/debian/
* base-config/install-problem: 
* tzconfig/change_timezone: false
* base-config/pkgsel: tasksel - quickly choose from predefined collections of software
  base-config/menu/hostname: 
  apt-setup/cd/another: false
  apt-setup/non-free: false
  apt-setup/badedit: 
  apt-setup/non-us: true
  mirror/suite: testing
  apt-setup/baddir: 
  base-config/menu/pkgsel: 
  base-config/menu/apt-get: 
  base-config/menu/timezone: 
  base-config/menu/intro: 
  base-config/menu/passwd: 
  apt-setup/hostname: ftp.freenet.de
  base-config/menu/pon: 
* base-config/login: 
* tzconfig/gmt: true
  apt-setup/title: 
  mirror/http/proxy: 
  apt-setup/contrib: true
  apt-setup/non-us-failed: 
  base-config/main-menu: Set up users and passwords
* tzconfig/geographic_area: Asia
  apt-setup/cd/dev: /dev/cdrom
* apt-setup/country: Germany
  debian-installer/keymap: us
  apt-setup/badsource: 
  base-config/use-ppp: false
  apt-setup/uri_type: ftp
  tzconfig/choose_country_zone/US: Eastern
* base-config/get-hostname: ilmarinen
  apt-setup/not-mirror: 
  tzconfig/choose_country_zone_multiple: 
  tzconfig/choose_country_zone/CA: Eastern
  apt-setup/security-updates-failed: 
  base-config/menu/shell: 
  apt-setup/cd/bad: 
* base-config/invalid-hostname: 

---------------------------------------
Received: (at 254068-close) by bugs.debian.org; 9 Jul 2005 13:41:51 +0000
>From katie@ftp-master.debian.org Sat Jul 09 06:41:51 2005
Return-path: <katie@ftp-master.debian.org>
Received: from newraff.debian.org [208.185.25.31] (mail)
	by spohr.debian.org with esmtp (Exim 3.35 1 (Debian))
	id 1DrFaZ-0006s2-00; Sat, 09 Jul 2005 06:41:51 -0700
Received: from katie by newraff.debian.org with local (Exim 3.35 1 (Debian))
	id 1DrFR5-000817-00; Sat, 09 Jul 2005 09:32:03 -0400
From: Joey Hess <joeyh@debian.org>
To: 254068-close@bugs.debian.org
X-Katie: $Revision: 1.56 $
Subject: Bug#254068: fixed in base-config 2.68
Message-Id: <E1DrFR5-000817-00@newraff.debian.org>
Sender: Archive Administrator <katie@ftp-master.debian.org>
Date: Sat, 09 Jul 2005 09:32:03 -0400
Delivered-To: 254068-close@bugs.debian.org
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02 
	(1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Status: No, hits=-6.0 required=4.0 tests=BAYES_00,HAS_BUG_NUMBER 
	autolearn=no version=2.60-bugs.debian.org_2005_01_02
X-Spam-Level: 
X-CrossAssassin-Score: 5

Source: base-config
Source-Version: 2.68

We believe that the bug you reported is fixed in the latest version of
base-config, which is due to be installed in the Debian FTP archive:

base-config_2.68.dsc
  to pool/main/b/base-config/base-config_2.68.dsc
base-config_2.68.tar.gz
  to pool/main/b/base-config/base-config_2.68.tar.gz
base-config_2.68_all.deb
  to pool/main/b/base-config/base-config_2.68_all.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 254068@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Joey Hess <joeyh@debian.org> (supplier of updated base-config package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Sat,  9 Jul 2005 10:19:12 +0300
Source: base-config
Binary: base-config
Architecture: source all
Version: 2.68
Distribution: unstable
Urgency: low
Maintainer: Debian Install System Team <debian-boot@lists.debian.org>
Changed-By: Joey Hess <joeyh@debian.org>
Description: 
 base-config - Debian base system configurator
Closes: 250789 251206 254068 258226 259150 259870 271145 271147
Changes: 
 base-config (2.68) unstable; urgency=low
 .
   [ Debconf translations ]
   * Bulgarian updated by Ognyan Kulev
 .
   [ Joey Hess ]
   * Finally applied Eugeniy Meshcheryakov's patch to remove charset setting,
     locale setting, etc from termwrap. All that stuff is done by other parts
     of d-i (and if it's not done properly will need to be fixed there).
     Termwrap remains only to support languages needing jfbterm and the like.
     Closes: #250789, #258226, #259150 (termwrap no longer breaks charset setup
     on exit)
     Closes: #271145, #271147 (cyr run removed so it no longer borks serial
     consoles)
   * Remove hardcoded paths in termwrap and base-config.
   * Other minor cleanups in termwrap.
   * No longer (re)set LANG at end of install. This is done by localechooser
     already. Closes: #251206, #259870
   * Use script -c instead of SHELL hack.
   * Make log mode 600 in case something sensitive gets into it.
     Closes: #254068
   * Deal with the required wraper not being present by falling back to
     English.
Files: 
 0013ea859b4fca04d113cc37654b5e2b 715 base important base-config_2.68.dsc
 1eae4f12de602aa10a9abccb28fd97a5 396492 base important base-config_2.68.tar.gz
 1fda9a00835d6d457a3993597959603f 328244 base important base-config_2.68_all.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)

iD8DBQFCz85R2tp5zXiKP0wRAnDSAJ9hX5/wd0/D5MQ3hf1khdV08DFZRQCgy1Ri
df3gQvSadkR9KuIgPJq090s=
=GP7i
-----END PGP SIGNATURE-----
Reply to: