
Bug#257504: marked as done (User can chown/chmod files in /proc)



Your message dated Thu, 08 Jul 2004 03:47:41 -0400
with message-id <E1BiTd7-00075w-00@newraff.debian.org>
and subject line Bug#257504: fixed in kernel-source-2.6.7 2.6.7-3
has caused the attached Bug report to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere.  Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)

--------------------------------------
Received: (at submit) by bugs.debian.org; 3 Jul 2004 21:50:49 +0000
>From joerg@devone.org Sat Jul 03 14:50:49 2004
Return-path: <joerg@devone.org>
Received: from home.nightdaughter.de [194.95.224.141] 
	by spohr.debian.org with esmtp (Exim 3.35 1 (Debian))
	id 1BgsPI-0002mj-00; Sat, 03 Jul 2004 14:50:49 -0700
Received: from hydra.joerghoh.de (hydra.joerghoh.de [192.168.0.14])
	by home.nightdaughter.de (Postfix) with SMTP id 47C2F170029
	for <submit@bugs.debian.org>; Sat,  3 Jul 2004 23:50:46 +0200 (CEST)
Received: by hydra.joerghoh.de (sSMTP sendmail emulation); Sat,  3 Jul 2004 23:50:47 +0200
From: "Joerg Hoh" <joerg@devone.org>
Date: Sat, 3 Jul 2004 23:50:47 +0200
To: submit@bugs.debian.org
Subject: User can chown/chmod files in /proc
Message-ID: <20040703215047.GA8244@hydra.joerghoh.de>
Mime-Version: 1.0
Content-Type: text/plain; charset=iso-8859-15
Content-Disposition: inline
Content-Transfer-Encoding: 8bit
User-Agent: Mutt/1.5.6i
Delivered-To: submit@bugs.debian.org
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2004_03_25 
	(1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Status: No, hits=-8.0 required=4.0 tests=BAYES_00,HAS_PACKAGE 
	autolearn=no version=2.60-bugs.debian.org_2004_03_25
X-Spam-Level: 

Package: kernel-source-2.6.7
Version: 2.6.7

A user with a local account can change the owner and the permissions of
files in /proc. Affected is at least kernel 2.6.7, but possibly all 2.6.x
kernels.

hydra proc $ cd /proc
hydra proc $ ls -la config.gz 
-r--r--r--  1 root root 6354  3. Jul 23:25 config.gz
hydra proc $ chown joerg config.gz 
hydra proc $ ls -la config.gz 
-r--r--r--  1 joerg root 6354  3. Jul 23:25 config.gz
hydra proc $ chown root config.gz 
hydra proc $ ls -la config.gz 
-r--r--r--  1 root root 6354  3. Jul 23:26 config.gz
hydra proc $ chmod o+x config.gz 
hydra proc $ ls -la config.gz 
-r--r--r-x  1 root root 6354  3. Jul 23:46 config.gz
hydra proc $

SuSE mentioned this bug in
http://article.gmane.org/gmane.comp.security.bugtraq/12316, so there should
be a patch around. 

Jörg

-- 
Computer science terminology (No. 369): Cause
- The cause was that Windows had not been restarted.
	Michael Scheer
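
Added example, not part of the original report or of the Debian fix: a shell check for the two symptoms visible in the transcript above, a regular file in /proc whose owner is no longer root or that has gained an execute bit. The function name audit_proc_drift and its arguments are assumptions, and it relies on stat -c as provided by GNU coreutils or busybox.

```shell
#!/bin/sh
# Added example (not from the report): flag regular files directly under a
# directory (normally /proc) that show the symptoms from the transcript:
# an owner other than the expected uid, or an execute bit.
# Assumes stat(1) supports -c (GNU coreutils, busybox).

# audit_proc_drift [DIR] [EXPECTED_UID]   (hypothetical helper name)
# Prints "<reason> uid=<uid> mode=<octal> <path>" per finding.
# Returns 0 if nothing was flagged, 1 otherwise.
audit_proc_drift() {
    dir=${1:-/proc}
    want_uid=${2:-0}
    findings=0
    for f in "$dir"/*; do
        # Plain files only: skip directories and symlinks such as /proc/self.
        if [ ! -f "$f" ] || [ -L "$f" ]; then
            continue
        fi
        # Entries can vanish between the glob and the stat; ignore those.
        meta=$(stat -c '%u %a' "$f" 2>/dev/null) || continue
        uid=${meta% *}
        mode=${meta#* }
        reason=
        if [ "$uid" -ne "$want_uid" ]; then
            reason=owner
        fi
        # The leading 0 makes the shell read the mode as octal; 0111 = any x bit.
        if [ $(( 0$mode & 0111 )) -ne 0 ]; then
            reason=${reason:+$reason,}exec
        fi
        if [ -n "$reason" ]; then
            printf '%s uid=%s mode=%s %s\n' "$reason" "$uid" "$mode" "$f"
            findings=$((findings + 1))
        fi
    done
    [ "$findings" -eq 0 ]
}
```

Called as audit_proc_drift /proc 0, it reports an entry like the config.gz in the transcript once its owner or mode has been changed.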

---------------------------------------
Received: (at 257504-close) by bugs.debian.org; 8 Jul 2004 07:49:31 +0000
>From katie@ftp-master.debian.org Thu Jul 08 00:49:31 2004
Return-path: <katie@ftp-master.debian.org>
Received: from newraff.debian.org [208.185.25.31] (mail)
	by spohr.debian.org with esmtp (Exim 3.35 1 (Debian))
	id 1BiTes-0004en-00; Thu, 08 Jul 2004 00:49:30 -0700
Received: from katie by newraff.debian.org with local (Exim 3.35 1 (Debian))
	id 1BiTd7-00075w-00; Thu, 08 Jul 2004 03:47:41 -0400
From: Sven Luther <luther@debian.org>
To: 257504-close@bugs.debian.org
X-Katie: $Revision: 1.51 $
Subject: Bug#257504: fixed in kernel-source-2.6.7 2.6.7-3
Message-Id: <E1BiTd7-00075w-00@newraff.debian.org>
Sender: Archive Administrator <katie@ftp-master.debian.org>
Date: Thu, 08 Jul 2004 03:47:41 -0400
Delivered-To: 257504-close@bugs.debian.org
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2004_03_25 
	(1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Status: No, hits=-6.0 required=4.0 tests=BAYES_00,HAS_BUG_NUMBER 
	autolearn=no version=2.60-bugs.debian.org_2004_03_25
X-Spam-Level: 
X-CrossAssassin-Score: 2

Source: kernel-source-2.6.7
Source-Version: 2.6.7-3

We believe that the bug you reported is fixed in the latest version of
kernel-source-2.6.7, which is due to be installed in the Debian FTP archive:

kernel-doc-2.6.7_2.6.7-3_all.deb
  to pool/main/k/kernel-source-2.6.7/kernel-doc-2.6.7_2.6.7-3_all.deb
kernel-patch-debian-2.6.7_2.6.7-3_all.deb
  to pool/main/k/kernel-source-2.6.7/kernel-patch-debian-2.6.7_2.6.7-3_all.deb
kernel-source-2.6.7_2.6.7-3.diff.gz
  to pool/main/k/kernel-source-2.6.7/kernel-source-2.6.7_2.6.7-3.diff.gz
kernel-source-2.6.7_2.6.7-3.dsc
  to pool/main/k/kernel-source-2.6.7/kernel-source-2.6.7_2.6.7-3.dsc
kernel-source-2.6.7_2.6.7-3_all.deb
  to pool/main/k/kernel-source-2.6.7/kernel-source-2.6.7_2.6.7-3_all.deb
kernel-tree-2.6.7_2.6.7-3_all.deb
  to pool/main/k/kernel-source-2.6.7/kernel-tree-2.6.7_2.6.7-3_all.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 257504@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Sven Luther <luther@debian.org> (supplier of updated kernel-source-2.6.7 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Wed,  7 Jul 2004 18:12:20 +0200
Source: kernel-source-2.6.7
Binary: kernel-source-2.6.7 kernel-tree-2.6.7 kernel-patch-debian-2.6.7 kernel-doc-2.6.7
Architecture: source all
Version: 2.6.7-3
Distribution: unstable
Urgency: low
Maintainer: Debian kernel team <debian-kernel@lists.debian.org>
Changed-By: Sven Luther <luther@debian.org>
Description: 
 kernel-doc-2.6.7 - Linux kernel specific documentation for version 2.6.7
 kernel-patch-debian-2.6.7 - Debian patches to Linux 2.6.7
 kernel-source-2.6.7 - Linux kernel source for version 2.6.7 with Debian patches
 kernel-tree-2.6.7 - Linux kernel tree for building prepackaged Debian kernel images
Closes: 256064 257504
Changes: 
 kernel-source-2.6.7 (2.6.7-3) unstable; urgency=low
 .
   * Upgraded the fs-asfs patch to 1.0beta7 (Jens Schmalzing).
 .
   * Updated README.NMU to explain the new build process based on split
     patches and dpatch (Jens Schmalzing).
 .
   * Added chown security fixes (closes: Bug#257504) (Christoph Hellwig).
 .
   * Dropped modular-swsusp, doesn't work and unmaintained (Christoph Hellwig).
 .
   * Added 3ware SATA-RAID driver, backported from mainline (Christoph Hellwig).
 .
   * Update XFS to most current upstream BK version (Christoph Hellwig).
 .
   * Added Marvell Ethernet driver (closes: Bug#256064) (Christoph Hellwig).
 .
   * Added a backport of the netfilter signed char fix (Christoph Hellwig).
Files: 
 6d4c6d3873e9bb06c8a6288aefb2bf43 874 devel optional kernel-source-2.6.7_2.6.7-3.dsc
 e17ebeebefafe45a1b1fa3aa910a0dec 580894 devel optional kernel-source-2.6.7_2.6.7-3.diff.gz
 af59f85b2106a507048f0937b9291c7e 238940 devel optional kernel-patch-debian-2.6.7_2.6.7-3_all.deb
 a7df2060b6abdfdfcd23d000e91c9203 284360 devel optional kernel-tree-2.6.7_2.6.7-3_all.deb
 117cfd68ee3286f579cb37594f60276b 34359450 devel optional kernel-source-2.6.7_2.6.7-3_all.deb
 27f1ecb7ff6d40da7f4f73059c25bca6 6060702 doc optional kernel-doc-2.6.7_2.6.7-3_all.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQFA7O402WTeT3CRQaQRAvNKAJ9avyW9wbmrGRIiJCyPBs9HPXG4pQCdGjyE
exQi1t2AipanJc00NYzOuCY=
=hA35
-----END PGP SIGNATURE-----


