[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#23867: Critical permissions bug on /lib and /tmp

You guys have have already seen this, but I thought I'd forward it along
anyway.  Since it's not attached to any specific package, the bug report
could easily get forgotten about.

	http://www.debian.org/Bugs/db/23/23867.html

                                          Brian
                                 ( bcwhite@verisim.com )

-------------------------------------------------------------------------------
                    No man dies except he who has not lived.
Title: Debian bug report logs - #23867

Debian bug report logs - #23867
Critical permissions bug on /lib and /tmp

Package: general; Severity: critical; Reported by: dcinege@psychosis.com; dated Wed, 24 Jun 1998 20:33:01 GMT; Maintainer for general is debian-devel@lists.debian.org.
Bug assigned to package `general'. Request was from jdassen@wi.leidenuniv.nl to control@bugs.debian.org. Full text available.

Message received at submit@bugs.debian.org:


Received: (at submit) by bugs.debian.org; 24 Jun 1998 20:32:30 +0000
Received: (qmail 7762 invoked from network); 24 Jun 1998 20:32:30 -0000
Received: from cc491161-a.avnl1.nj.home.com (HELO schizo.psychosis.com) (24.3.133.48)
  by debian.novare.net with SMTP; 24 Jun 1998 20:32:30 -0000
Received: from zen-machine.psychosis.com (psychosis.com) [192.168.5.34] (root)
	by schizo.psychosis.com with esmtp (Exim 1.92 #1)
	id 0yowHL-0000Oc-00 (Debian); Wed, 24 Jun 1998 16:36:27 -0400
Sender: root
Message-ID: <35916373.F90C2A64@psychosis.com>
Date: Wed, 24 Jun 1998 16:37:07 -0400
From: Dave Cinege <dcinege@psychosis.com>
Reply-To: dcinege@psychosis.com
Organization: www.psychosis.com
X-Mailer: Mozilla 4.05 [en] (X11; U; Linux 2.0.34 i686)
MIME-Version: 1.0
To: mbaker@iee.org, maor@debian.org, submit@bugs.debian.org
Subject: Critical permissions bug on /lib and /tmp
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit

Severity: critical

Sorry I am unable to provide an exact package or version, since I did a batch
upgrade last night. I only know that it was caused by a package added to /hamm
within the last week (probably the last 2-3 days)

The offending package chmod 750 /lib, screwing up everything not run as root.
(bash, exim, cgi-bin, user accounts, etc, etc)
I also noticed on one of the systems I upgraded, /tmp was changed to 750.
/tmp should be 1777.

These brought my mutiuser server down to it's knees...  : P

-- 
http://www.psychosis.com/emc/		Elite MicroComputers   732-541-4214 
http://www.psychosis.com/linux-router/	Linux Router Project 
 
SIC SEMPER SPAMMER!!
Acknowledgement sent to dcinege@psychosis.com:
New bug report received and forwarded.

Your message didn't have a Package: line at the start (in the pseudo-header following the real mail header), or didn't have a psuedo-header at all.

This makes it much harder for us to categorise and deal with your problem report; please ensure that you say which package(s) and version(s) the problem is with next time. Some time in the future the problem reports system may start rejecting such messages.

Full text available.

Report forwarded to debian-bugs-dist@lists.debian.org:
Bug#23867. Full text available.
Ian Jackson / owner@bugs.debian.org, through the Debian bug database
Last modified: 08:39:00 GMT Thu 25 Jun (timestamp page available).
Reply to: