Bug#295146: marked as done (kernel: can delete root directories)

To: maximilian attems <debian@sternwelten.at>
Cc: Debian Kernel Team <debian-kernel@lists.debian.org>
Subject: Bug#295146: marked as done (kernel: can delete root directories)
From: owner@bugs.debian.org (Debian Bug Tracking System)
Date: Tue, 19 Apr 2005 23:48:12 -0700
Message-id: <[🔎] handler.295146.D295146.111397868627305.ackdone@bugs.debian.org>
In-reply-to: <20050420063130.GB18819@sputnik.stro.at>
References: <20050420063130.GB18819@sputnik.stro.at> <E1D0TCT-0007KQ-00@master.debian.org>

Your message dated Wed, 20 Apr 2005 08:31:30 +0200
with message-id <20050420063130.GB18819@sputnik.stro.at>
and subject line Bug#295146: kernel: can delete root directories
has caused the attached Bug report to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere.  Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)

--------------------------------------
Received: (at submit) by bugs.debian.org; 13 Feb 2005 23:30:51 +0000
>From jagginess@yahoo.ca Sun Feb 13 15:30:51 2005
Return-path: <jagginess@yahoo.ca>
Received: from master.debian.org [146.82.138.7] 
	by spohr.debian.org with esmtp (Exim 3.35 1 (Debian))
	id 1D0TCV-0001m6-00; Sun, 13 Feb 2005 15:30:51 -0800
Received: from modemcable116.75-200-24.mc.videotron.ca (web2.domainsystems.com) [24.200.75.116] 
	by master.debian.org with esmtp (Exim 3.35 1 (Debian))
	id 1D0TCT-0007KQ-00; Sun, 13 Feb 2005 17:30:50 -0600
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
From: Rehm <jagginess@yahoo.ca>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: kernel: can delete root directories
X-Mailer: reportbug 3.2
Date: Sun, 13 Feb 2005 18:31:09 -0500
X-Debbugs-Cc: jagginess@yahoo.ca
Message-Id: <E1D0TCT-0007KQ-00@master.debian.org>
Delivered-To: submit@bugs.debian.org
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02 
	(1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Status: No, hits=-9.0 required=4.0 tests=BAYES_00,HAS_PACKAGE,
	OUR_MTA_MSGID,X_DEBBUGS_CC autolearn=ham 
	version=2.60-bugs.debian.org_2005_01_02
X-Spam-Level: 

Package: kernel
Severity: critical
Justification: root security hole

Extremely insecure. Apparently after having been able to do mounting
on a diskimage disk1.img (sued to root under lightweight wm in X- xterm box) on a directory called ./1,
drwxr-xr-x  2 root  root     4096 2005-02-13 18:22 1
$
->as a normal user, (and my groups command shows no respect of being
member of root), I am able to delete directory 1, or shouldn't I? Either
I'm very dumb, or something is terribly wrong..Any other further details I can provide and test- I wouldn't
mind..Thanks for the feedback..

jagg

-- System Information:
Debian Release: 3.1
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: i386 (i686)
Kernel: Linux 2.6.10
Locale: LANG=en_US, LC_CTYPE=en_US (charmap=ISO-8859-1)

---------------------------------------
Received: (at 295146-done) by bugs.debian.org; 20 Apr 2005 06:31:26 +0000
>From max@stro.at Tue Apr 19 23:31:25 2005
Return-path: <max@stro.at>
Received: from baikonur.stro.at [213.239.196.228] 
	by spohr.debian.org with esmtp (Exim 3.35 1 (Debian))
	id 1DO8k9-00076A-00; Tue, 19 Apr 2005 23:31:25 -0700
Received: from sputnik (stallburg.stro.at [128.131.216.190])
	by baikonur.stro.at (Postfix) with ESMTP id 56B8B5C001
	for <295146-done@bugs.debian.org>; Wed, 20 Apr 2005 08:31:24 +0200 (CEST)
Received: from max by sputnik with local (Exim 4.50)
	id 1DO8kF-00053h-0x
	for 295146-done@bugs.debian.org; Wed, 20 Apr 2005 08:31:31 +0200
Date: Wed, 20 Apr 2005 08:31:30 +0200
From: maximilian attems <debian@sternwelten.at>
To: 295146-done@bugs.debian.org
Subject: Re: Bug#295146: kernel: can delete root directories
Message-ID: <20050420063130.GB18819@sputnik.stro.at>
References: <E1D0TCT-0007KQ-00@master.debian.org>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <E1D0TCT-0007KQ-00@master.debian.org>
User-Agent: Mutt/1.5.6+20040907i
X-Virus-Scanned: by Amavis (ClamAV) at stro.at
Delivered-To: 295146-done@bugs.debian.org
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02 
	(1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Status: No, hits=-6.0 required=4.0 tests=BAYES_00,HAS_BUG_NUMBER 
	autolearn=no version=2.60-bugs.debian.org_2005_01_02
X-Spam-Level: 

no evidence for this bug was brought up nor an apology.
closing therefor.
please reopen if you can proove otherwise.
thanks for adding strace of rmdir and mount output in that case.

--
maks

Reply to:

Prev by Date: Processed: Re: Bug#283715: kernel-image-2.6.9-1-k7: Removes /initrd.img, makes system unbootable
Next by Date: Bug#283715: kernel-image-2.6.9-1-k7: Removes /initrd.img, makes system unbootable
Previous by thread: Bug#289982: ACPI problems with kernel 2.6.x for Dell Inspiron 4100
Next by thread: Bug#283715: kernel-image-2.6.9-1-k7: Removes /initrd.img, makes system unbootable
Index(es):
- Date
- Thread