Bug#254068: marked as done (base-config log should not be world readable)
Your message dated Sat, 09 Jul 2005 09:32:03 -0400
with message-id <E1DrFR5-000817-00@newraff.debian.org>
and subject line Bug#254068: fixed in base-config 2.68
has caused the attached Bug report to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere. Please contact me immediately.)
Debian bug tracking system administrator
(administrator, Debian Bugs database)
--------------------------------------
Date: Sat, 12 Jun 2004 22:06:05 +0300
From: Vassilii Khachaturov <vassilii@tarunz.org>
Subject: base-config log should not be world readable
Sender: Vassilii Khachaturov <vassilii@math.bgu.ac.il>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Package: base-config
Version: 2.25
Severity: normal
Tags: security
I believe that the base-config logs should not be world readable.
Some of the packages ask for passwords that are echoed back during
the configuration (e.g. pppoeconf), albeit stored later in files
not readable by the world.
-- System Information:
Debian Release: testing/unstable
APT prefers testing
APT policy: (500, 'testing')
Architecture: i386 (i686)
Kernel: Linux 2.4.25-1-686
Locale: LANG=ru_RU.KOI8-R, LC_CTYPE=ru_RU.KOI8-R
Versions of packages base-config depends on:
ii adduser 3.56 Add and remove users and groups
ii apt 0.5.25 Advanced front-end for dpkg
ii aptitude 0.2.14-3 curses-based apt frontend
ii bsdutils 1:2.12-3 Basic utilities from 4.4BSD-Lite
ii console-data 2002.12.04dbs-40 Keymaps, fonts, charset maps, fall
ii console-tools 1:0.2.3dbs-52 Linux console and font utilities
ii debconf 1.4.25 Debian configuration management sy
ii debianutils 2.8.2 Miscellaneous utilities specific t
ii gettext-base 0.14.1-2 GNU Internationalization utilities
ii passwd 1:4.0.3-28.3 Change and administer password and
-- debconf information:
---------------------------------------
From: Joey Hess <joeyh@debian.org>
To: 254068-close@bugs.debian.org
X-Katie: $Revision: 1.56 $
Subject: Bug#254068: fixed in base-config 2.68
Message-Id: <E1DrFR5-000817-00@newraff.debian.org>
Sender: Archive Administrator <katie@ftp-master.debian.org>
Date: Sat, 09 Jul 2005 09:32:03 -0400
Source: base-config
Source-Version: 2.68
We believe that the bug you reported is fixed in the latest version of
base-config, which is due to be installed in the Debian FTP archive:
base-config_2.68.dsc
to pool/main/b/base-config/base-config_2.68.dsc
base-config_2.68.tar.gz
to pool/main/b/base-config/base-config_2.68.tar.gz
base-config_2.68_all.deb
to pool/main/b/base-config/base-config_2.68_all.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 254068@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Joey Hess <joeyh@debian.org> (supplier of updated base-config package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.7
Date: Sat, 9 Jul 2005 10:19:12 +0300
Source: base-config
Binary: base-config
Architecture: source all
Version: 2.68
Distribution: unstable
Urgency: low
Maintainer: Debian Install System Team <debian-boot@lists.debian.org>
Changed-By: Joey Hess <joeyh@debian.org>
Description:
base-config - Debian base system configurator
Closes: 250789 251206 254068 258226 259150 259870 271145 271147
Changes:
base-config (2.68) unstable; urgency=low
.
[ Debconf translations ]
* Bulgarian updated by Ognyan Kulev
.
[ Joey Hess ]
* Finally applied Eugeniy Meshcheryakov's patch to remove charset setting,
locale setting, etc from termwrap. All that stuff is done by other parts
of d-i (and if it's not done properly will need to be fixed there).
Termwrap remains only to support languages needing jfbterm and the like.
Closes: #250789, #258226, #259150 (termwrap no longer breaks charset setup
on exit)
Closes: #271145, #271147 (cyr run removed so it no longer borks serial
consoles)
* Remove hardcoded paths in termwrap and base-config.
* Other minor cleanups in termwrap.
* No longer (re)set LANG at end of install. This is done by localechooser
already. Closes: #251206, #259870
* Use script -c instead of SHELL hack.
* Make log mode 600 in case something sensitive gets into it.
Closes: #254068
* Deal with the required wrapper not being present by falling back to
English.
Files:
0013ea859b4fca04d113cc37654b5e2b 715 base important base-config_2.68.dsc
1eae4f12de602aa10a9abccb28fd97a5 396492 base important base-config_2.68.tar.gz
1fda9a00835d6d457a3993597959603f 328244 base important base-config_2.68_all.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)
iD8DBQFCz85R2tp5zXiKP0wRAnDSAJ9hX5/wd0/D5MQ3hf1khdV08DFZRQCgy1Ri
df3gQvSadkR9KuIgPJq090s=
=GP7i
-----END PGP SIGNATURE-----
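
The fix recorded above ("Make log mode 600") illustrated as an added shell example; this is not code from base-config, and the function names and any paths passed to them are hypothetical. It creates the log owner-only before the first byte is written, tightens a log left behind by an earlier permissive run, and checks the result. GNU `stat` is assumed.

```shell
#!/bin/sh
# Added example, not base-config code. Function names are hypothetical.

# Print the octal permission bits of a file (assumes GNU stat).
log_mode() {
    stat -c '%a' "$1"
}

# Create the log with mode 600 *before* anything is written to it.
# The umask is changed inside a subshell, so the file is never briefly
# world-readable and the caller's own umask is left untouched.
create_private_log() {
    log=$1
    # Refuse symlinks so a pre-planted link cannot redirect the log.
    if [ -L "$log" ]; then
        return 1
    fi
    ( umask 077 && : >>"$log" ) || return 1
    # Tighten a log that already existed with looser permissions.
    chmod 600 "$log"
}

# Run a command with stdout and stderr appended to the private log.
run_logged() {
    log=$1
    shift
    create_private_log "$log" || return 1
    "$@" >>"$log" 2>&1
}

# Succeed only if group and others have no access bits at all.
is_private() {
    mode=$(log_mode "$1") || return 1
    [ $(( 0$mode & 077 )) -eq 0 ]
}
```
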