Re: CVE against the fwknop package

To: Julien Cristau <jcristau@debian.org>
Cc: debian-release@lists.debian.org
Subject: Re: CVE against the fwknop package
From: Franck Joncourt <franck@debian.org>
Date: Mon, 15 Oct 2012 21:47:15 +0200
Message-id: <[🔎] 507C6843.3000806@debian.org>
In-reply-to: <[🔎] 20121015180103.GY17465@radis.cristau.org>
References: <[🔎] 5075CC8E.8050809@debian.org> <[🔎] 20121015180103.GY17465@radis.cristau.org>

[...]

The diff looks mostly ok, though checking for S_ISLNK from stat(2) seems
useless, and I'm not quite sure why the chmod is done *after* writing
the config file rather than upfront.

I have added the patches to fix the permission issues as done perupstream but keeping in mind no to change too much things on my own.I have also updated the patches to make it works against the rc2 butjust a bit.For the client, the permissions should not be overwritten at the end ofthe function but rather set when created as you mentionned : I think youare right.


For the S_ISLNK, I have to check further.

I am going to check all that and try to make the 2.0.3 release build onMIPs.


Regards,

Franck

Reply to:

References:
- CVE against the fwknop package
  - From: Franck Joncourt <franck@debian.org>
- Re: CVE against the fwknop package
  - From: Julien Cristau <jcristau@debian.org>

Prev by Date: Re: CVE against the fwknop package
Next by Date: Re: Fixing the Catalyst development environment in Wheezy
Previous by thread: Re: CVE against the fwknop package
Next by thread: Bug#690184: unblock: libdatetime-timezone-perl/1:1.49-1+2012f
Index(es):
- Date
- Thread