
Bug#527057: marked as done (console-setup: insecure tempfile handling)



Your message dated Tue, 05 May 2009 13:32:04 +0000
with message-id <E1M1Kke-0006A0-RG@ries.debian.org>
and subject line Bug#527057: fixed in console-setup 1.34
has caused the Debian Bug report #527057,
regarding console-setup: insecure tempfile handling
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
527057: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=527057
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message ---
Package: console-setup
Version: 1.33
Severity: grave
User: ubuntu-devel@lists.ubuntu.com
Usertags: origin-ubuntu karmic

While merging console-setup 1.33 into Ubuntu, I happened to notice that
debian/config.proto contains a few instances of code like this:

            echo unsupported_layout=$unsupported_layout >>/tmp/cslog # asdf

We can't leave this sort of thing in packages uploaded to the archive,
IMO; that means that any local user on a system they know is likely to
be upgraded soon can create a symlink called /tmp/cslog and have root
overwrite any file they like. (Admittedly they can only get root to
write out rather specific text to that file, but it would still be
enough to break the system if they just wanted to be randomly
destructive.)

Anton, I'm filing this bug rather than just correcting it because I'm
not sure what you want to achieve here. Was it just code you committed
by accident, or do you explicitly want to have extra logging in the
package? If the latter, I'd suggest perhaps calls to logger(1) guarded
by an environment variable.

Thanks,

-- 
Colin Watson                                       [cjwatson@ubuntu.com]



--- End Message ---
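The symlink problem described in the report above, next to two safer ways to keep debug output, as an added example that is not part of the original report or of the console-setup package. The variable CS_DEBUG, the function names and the sandbox layout are assumptions; the mktemp(1) variant is an addition beyond the logger(1) suggestion in the report.

```shell
#!/bin/sh
# Added example, not console-setup code. CS_DEBUG and all function names
# are hypothetical.

# The pattern from the report, parameterised on the path so it can be run
# inside a private sandbox directory instead of /tmp.
unsafe_log() {
    echo "$2" >>"$1"    # >> follows whatever symlink already sits at $1
}

# Alternative 1: logger(1) guarded by an environment variable. No file in a
# world-writable directory is involved at all.
debug_log() {
    [ -n "${CS_DEBUG:-}" ] || return 0
    logger -t console-setup -p user.debug -- "$*" 2>/dev/null || :
}

# Alternative 2: if a file is really needed, let mktemp(1) create it
# exclusively, with an unpredictable name and mode 0600.
new_private_log() {
    mktemp "${1:-${TMPDIR:-/tmp}}/cslog.XXXXXX"
}

# Constructed sandbox: "victim" stands in for a file the installing user can
# write, and the symlink plays the role of a pre-existing fixed-name log path.
demo() {
    dir=$(mktemp -d) || return 1
    printf 'original\n' >"$dir/victim"
    ln -s victim "$dir/cslog"

    unsafe_log "$dir/cslog" "unsupported_layout=yes"
    after_unsafe=$(wc -l <"$dir/victim" | tr -d ' ')   # text landed in victim

    printf 'original\n' >"$dir/victim"
    log=$(new_private_log "$dir") || return 1
    echo "unsupported_layout=yes" >>"$log"
    after_safe=$(wc -l <"$dir/victim" | tr -d ' ')     # victim untouched

    rm -rf "$dir"
    echo "unsafe=$after_unsafe safe=$after_safe"
}

demo
```

The line count of the stand-in file grows only in the fixed-name case, which is the behaviour the report warns about for a maintainer script running as root.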
--- Begin Message ---
Source: console-setup
Source-Version: 1.34

We believe that the bug you reported is fixed in the latest version of
console-setup, which is due to be installed in the Debian FTP archive:

bdf2psf_1.34_all.deb
  to pool/main/c/console-setup/bdf2psf_1.34_all.deb
console-setup-amiga-ekmap_1.34_all.udeb
  to pool/main/c/console-setup/console-setup-amiga-ekmap_1.34_all.udeb
console-setup-ataritt-ekmap_1.34_all.udeb
  to pool/main/c/console-setup/console-setup-ataritt-ekmap_1.34_all.udeb
console-setup-fonts-udeb_1.34_all.udeb
  to pool/main/c/console-setup/console-setup-fonts-udeb_1.34_all.udeb
console-setup-macintoshold-ekmap_1.34_all.udeb
  to pool/main/c/console-setup/console-setup-macintoshold-ekmap_1.34_all.udeb
console-setup-mini_1.34_all.deb
  to pool/main/c/console-setup/console-setup-mini_1.34_all.deb
console-setup-pc-ekmap_1.34_all.udeb
  to pool/main/c/console-setup/console-setup-pc-ekmap_1.34_all.udeb
console-setup-sun4-ekmap_1.34_all.udeb
  to pool/main/c/console-setup/console-setup-sun4-ekmap_1.34_all.udeb
console-setup-sun5-ekmap_1.34_all.udeb
  to pool/main/c/console-setup/console-setup-sun5-ekmap_1.34_all.udeb
console-setup-udeb_1.34_all.udeb
  to pool/main/c/console-setup/console-setup-udeb_1.34_all.udeb
console-setup_1.34.dsc
  to pool/main/c/console-setup/console-setup_1.34.dsc
console-setup_1.34.tar.gz
  to pool/main/c/console-setup/console-setup_1.34.tar.gz
console-setup_1.34_all.deb
  to pool/main/c/console-setup/console-setup_1.34_all.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 527057@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Anton Zinoviev <zinoviev@debian.org> (supplier of updated console-setup package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Tue, 05 May 2009 15:05:21 +0300
Source: console-setup
Binary: console-setup console-setup-mini bdf2psf console-setup-udeb console-setup-amiga-ekmap console-setup-ataritt-ekmap console-setup-macintoshold-ekmap console-setup-pc-ekmap console-setup-sun4-ekmap console-setup-sun5-ekmap console-setup-fonts-udeb
Architecture: source all
Version: 1.34
Distribution: unstable
Urgency: medium
Maintainer: Debian Install System Team <debian-boot@lists.debian.org>
Changed-By: Anton Zinoviev <zinoviev@debian.org>
Description: 
 bdf2psf    - font converter to generate console fonts from BDF source fonts
 console-setup - console font and keymap setup program
 console-setup-amiga-ekmap - encoded keyboard layouts for Amiga keyboards (udeb)
 console-setup-ataritt-ekmap - encoded keyboard layouts for Atari TT keyboards (udeb)
 console-setup-fonts-udeb - console fonts for Debian Installer (udeb)
 console-setup-macintoshold-ekmap - encoded keyboard layouts for old-style Macintosh keyboards (udeb)
 console-setup-mini - console font and keymap setup program - reduced version
 console-setup-pc-ekmap - encoded keyboard layouts for PC keyboards (udeb)
 console-setup-sun4-ekmap - encoded keyboard layouts for Sun4 keyboards (udeb)
 console-setup-sun5-ekmap - encoded keyboard layouts for Sun5 keyboards (udeb)
 console-setup-udeb - Configure the keyboard (udeb)
Closes: 527057
Changes: 
 console-setup (1.34) unstable; urgency=medium
 .
   [ Colin Watson ]
   * Fix bashism.
 .
   [ Anton Zinoviev ]
   * Remove committed by mistake debugging code.  Thanks to Colin Watson,
     closes: #527057.
   * Another attempt to fix properly #526862 (still not good for people
     using the combination OADG 109A + kana).
Package-Type: udeb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iD8DBQFKAD3zJP1eZJv0KwcRAg0OAJ9sPeIcqWWTity6Jf08TIpoxwn64ACcD3uP
5lxxYaop5E3dfuvVgQNXWjE=
=IuQq
-----END PGP SIGNATURE-----



--- End Message ---