Your message dated Fri, 9 Jun 2023 22:56:37 +0200 with message-id <72aebf32-0dda-b289-3fec-86c46b7a84e9@debian.org> and subject line Re: Bug#1007998: release-notes: netcat-openbsd incompatibilities has caused the Debian Bug report #1007998, regarding release-notes: netcat-openbsd incompatibilities to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact owner@bugs.debian.org immediately.) -- 1007998: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1007998 Debian Bug Tracking System Contact owner@bugs.debian.org with problems
--- Begin Message ---
- To: Debian Bug Tracking System <submit@bugs.debian.org>
- Subject: release-notes: netcat-openbsd incompatibilities
- From: Guilhem Moulin <guilhem@debian.org>
- Date: Sun, 20 Mar 2022 11:40:44 +0100
- Message-id: <YjcErFuJtammNVk9@debian.org>
Package: release-notes Severity: wishlist Hi there, netcat-openbsd 1.218-5 adds support for abstract sockets (on Linux), which is a breaking change with possible security implications: https://sources.debian.org/src/netcat-openbsd/1.218-5/debian/NEWS/ . elbrus suggested to mention that in the Bookworm release notes; I propose the following text, mostly straight from the NEWS entry — feel free to adjust of course :-) --8<--------------------------------------------------------------------->8-- netcat-openbsd and abstract socket support ========================================== Starting with netcat-openbsd 1.218-5, nc.openbsd(1)'s Linux builds support [abstract namespace sockets](https://manpages.debian.org/unix.7.en.html#Abstract_sockets) in the AF_UNIX family. Socket paths starting with an at symbol '@' are interpreted in the abstract namespace. This has possible security implications: `nc -lU @foobar.sock` used to bind pathname socket '@foobar.sock' in the current directory, subject to umask and file system access restrictions, while (on Linux) it now binds 'foobar.sock' in the abstract namespace where ownership and permissions have *no meaning*. In order to specify a pathname socket make sure the argument doesn't start with '@'; for instance by prefixing with './' or by using a fully-qualified socket path. (Note however that on Linux socket pathnames may not exceed 108 bytes in size.) This change is a Linux-only behavior, and only affects UNIX domain sockets (flag '-U'). --8<--------------------------------------------------------------------->8-- Cheers -- Guilhem.Attachment: signature.asc
Description: PGP signature
--- End Message ---
--- Begin Message ---
- To: Guilhem Moulin <guilhem@debian.org>, 1007998-done@bugs.debian.org
- Subject: Re: Bug#1007998: release-notes: netcat-openbsd incompatibilities
- From: Paul Gevers <elbrus@debian.org>
- Date: Fri, 9 Jun 2023 22:56:37 +0200
- Message-id: <72aebf32-0dda-b289-3fec-86c46b7a84e9@debian.org>
- In-reply-to: <YjcErFuJtammNVk9@debian.org>
- References: <YjcErFuJtammNVk9@debian.org>
Hi, On 20-03-2022 11:40, Guilhem Moulin wrote:netcat-openbsd 1.218-5 adds support for abstract sockets (on Linux), which is a breaking change with possible security implications: https://sources.debian.org/src/netcat-openbsd/1.218-5/debian/NEWS/ .I just tagged this for merging. PaulAttachment: OpenPGP_signature
Description: OpenPGP digital signature
--- End Message ---