Bug#108567: SECURITY] xinetd in woody still has umask 0000

To: Ethan Benson <eb@penguinppc.org>, 108567@bugs.debian.org
Cc: debian-security-private@lists.debian.org
Subject: Bug#108567: SECURITY] xinetd in woody still has umask 0000
From: Josip Rodin <joy@cibalia.gkvk.hr>
Date: Mon, 13 Aug 2001 09:57:22 +0200
Message-id: <[🔎] 20010813095722.D25211@cibalia.gkvk.hr>
Reply-to: Josip Rodin <joy@cibalia.gkvk.hr>, 108567@bugs.debian.org
In-reply-to: <[🔎] 20010813044712.CD5DC1D@ash.penguinppc.org>; from eb@penguinppc.org on Sun, Aug 12, 2001 at 08:47:12PM -0800
References: <[🔎] 20010813044712.CD5DC1D@ash.penguinppc.org>

On Sun, Aug 12, 2001 at 08:47:12PM -0800, Ethan Benson wrote:
> Package: xinetd
> Version: 1:2.1.8.8.p3-2
> Severity: grave
> Tags: security woody
> 
> This version of xinetd does NOT incorporate the 000 umask
> vulnerability patched in potato.  To test this i created a fake telnet
> service which runs a shell script that echos the umask into a newly
> created file, the file was created mode 0666 and the umask written to
> the file was 0000.   xinetd was stopped and started from a root shell
> having a 022 umask.

Gah, that was supposed to be Wichert's version of Solar Designer's version
of the fix that the upstream author used!

-- 
     2. That which causes joy or happiness.

Reply to:

References:
- Bug#108567: [SECURITY] xinetd in woody still has umask 0000
  - From: Ethan Benson <eb@penguinppc.org>

Prev by Date: Bug#108567: [SECURITY] xinetd in woody still has umask 0000
Next by Date: pcmcia in boot-floppies
Previous by thread: Bug#108567: [SECURITY] xinetd in woody still has umask 0000
Next by thread: Bug#106259: marked as done (htmlgen install script uses Python on path)
Index(es):
- Date
- Thread