
Bug#941738: marked as done (buster-pu: package network-manager/1.14.6-2+deb10u1)



Your message dated Sat, 16 Nov 2019 10:08:47 +0000
with message-id <83c9ffab6f08361485f70dda4733a7a24aeec09b.camel@adam-barratt.org.uk>
and subject line Closing bugs for 10.2 point release fixes
has caused the Debian Bug report #941738,
regarding buster-pu: package network-manager/1.14.6-2+deb10u1
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
941738: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=941738
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message ---
Package: release.debian.org
Severity: normal
Tags: buster
User: release.debian.org@packages.debian.org
Usertags: pu

Hi stable release team,

I'd like to make a stable upload for network-manager fixing 
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=941609
 "network-manager: generates world-{read,execut}able secret_key file (in
 buster)"

The fix is already in unstable (uploaded as 1.20.4-2).
In addition to fixing the file permissions of
/var/lib/NetworkManager/secret_key I've also applied some hardening by
changing the directory permissions of /var/lib/NetworkManager/ to 0700
as recommended by upstream.

I talked to upstream and the security team and they consider the issue
not severe enough for a stable-security upload.

Full debdiff is attached.

Regards,
Michael



-- System Information:
Debian Release: bullseye/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (200, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 5.2.0-3-amd64 (SMP w/4 CPU cores)
Kernel taint flags: TAINT_WARN
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8), LANGUAGE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
diff --git a/debian/changelog b/debian/changelog
index 7cb171e5a..24bb332fc 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,18 @@
+network-manager (1.14.6-3) stable; urgency=medium
+
+  * core: fix file permissions for "/var/lib/NetworkManager/secret_key"
+    Patch cherry-picked from upstream.
+  * Fix permissions of /var/lib/NetworkManager/secret_key on upgrades.
+    The file mode is supposed to be 0600. (Closes: #941609)
+  * Install directories as created by upstream build system.
+    Drop network-manager.dirs and instead use the directories created by the
+    upstream build system. Fix permissions of /var/lib/NetworkManager to be
+    0700 as it contains possibly sensitive data and should not be
+    world-readable.
+  * d/gbp.conf: Set debian-branch to buster
+
+ -- Michael Biebl <biebl@debian.org>  Fri, 04 Oct 2019 15:03:20 +0200
+
 network-manager (1.14.6-2) unstable; urgency=medium
 
   * supplicant: fix setting pmf when the supplicant doesn't advertise support
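Review bot: the version and distribution in this entry (1.14.6-3, stable) do not match the upload the bug title describes (1.14.6-2+deb10u1), and the postinst hunk later in the debdiff hard-codes "1.14.6-3" in its dpkg --compare-versions check; settle on the final stable-update version once and use it in both places, and target buster (the codename, matching the debian-branch set in gbp.conf) rather than stable so the entry is unambiguous.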
diff --git a/debian/gbp.conf b/debian/gbp.conf
index 478d845ce..3c81df87a 100644
--- a/debian/gbp.conf
+++ b/debian/gbp.conf
@@ -1,4 +1,4 @@
 [DEFAULT]
 pristine-tar = True
 patch-numbers = False
-debian-branch = master
+debian-branch = buster
diff --git a/debian/network-manager.dirs b/debian/network-manager.dirs
deleted file mode 100644
index e09403be4..000000000
--- a/debian/network-manager.dirs
+++ /dev/null
@@ -1,10 +0,0 @@
-etc/NetworkManager/conf.d/
-etc/NetworkManager/dispatcher.d/no-wait.d/
-etc/NetworkManager/dispatcher.d/pre-down.d/
-etc/NetworkManager/dispatcher.d/pre-up.d/
-etc/NetworkManager/dnsmasq.d/
-etc/NetworkManager/dnsmasq-shared.d/
-etc/NetworkManager/system-connections/
-usr/lib/NetworkManager/conf.d/
-usr/lib/NetworkManager/VPN/
-var/lib/NetworkManager/
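Review bot: with network-manager.dirs gone, every directory listed here now has to be produced by the upstream build and picked up by the broader install entries (etc/NetworkManager/, usr/lib/NetworkManager/, var/lib/NetworkManager/); empty directories such as dispatcher.d/no-wait.d, dispatcher.d/pre-down.d, dispatcher.d/pre-up.d, dnsmasq.d and dnsmasq-shared.d are easy to lose silently, so compare `dpkg -c` of the 1.14.6-2 and the new .deb before uploading.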
diff --git a/debian/network-manager.install b/debian/network-manager.install
index 0f1e82ae5..3f94d7a46 100644
--- a/debian/network-manager.install
+++ b/debian/network-manager.install
@@ -2,10 +2,7 @@ usr/sbin/NetworkManager
 usr/bin/nm-online
 usr/bin/nmcli
 usr/bin/nmtui*
-usr/lib/NetworkManager/nm-dhcp-helper
-usr/lib/NetworkManager/nm-iface-helper
-usr/lib/NetworkManager/nm-dispatcher
-usr/lib/NetworkManager/nm-initrd-generator
+usr/lib/NetworkManager/
 usr/lib/*/NetworkManager/*/libnm-settings-plugin-ifupdown.so
 usr/lib/*/NetworkManager/*/libnm-device-plugin-*.so
 usr/lib/*/NetworkManager/*/libnm-ppp-plugin.so
@@ -18,7 +15,8 @@ usr/share/dbus-1/system.d/org.freedesktop.NetworkManager.conf
 usr/share/dbus-1/system.d/nm-dispatcher.conf
 usr/share/polkit-1/
 usr/share/bash-completion/
-etc/NetworkManager/dispatcher.d/
+etc/NetworkManager/
+var/lib/NetworkManager/
 lib/udev/rules.d/*.rules
 lib/systemd/system/NetworkManager.service
 lib/systemd/system/NetworkManager-dispatcher.service
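Review bot: shipping var/lib/NetworkManager/ from the build tree does not by itself give it mode 0700 in the .deb, because dh_fixperms normalizes directory modes (go=rX, i.e. 0755) unless the path is excluded with -X; the chmod 0700 in postinst is therefore what actually enforces the hardening, which works, but either note that in the changelog entry or add an override_dh_fixperms exclusion if the packaged mode is meant to match.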
diff --git a/debian/network-manager.postinst b/debian/network-manager.postinst
index 0f95087f8..7f0589da6 100644
--- a/debian/network-manager.postinst
+++ b/debian/network-manager.postinst
@@ -24,6 +24,9 @@ case "$1" in
         # org.freedesktop.NetworkManager.settings.modify.system without prior authentication
         addgroup --quiet --system netdev
 
+        # This directory can contain sensitive data and should not be world-readable
+        chmod 0700 /var/lib/NetworkManager
+
         NIF=/etc/network/interfaces
         if [ -z "$2" ] && [ -f $NIF ]; then
             ifaces=`grep -v '^#' $NIF | awk '/iface/ {print $2}' | sort -u | sed -e 's/lo//' -e '/^$/d' -e 's/^/- /'`
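Review bot: running chmod 0700 unconditionally on every configure is the right call here: it is idempotent and it repairs directories that the old dirs file created at 0755 on upgrade. If there is any path by which the directory can be absent (local removal, a failed earlier unpack), guard it with `[ -d /var/lib/NetworkManager ]`, since a failing chmod aborts the maintainer script under set -e and leaves the package half-configured.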
@@ -44,6 +47,12 @@ case "$1" in
                 ln -sf  /run/NetworkManager/resolv.conf /etc/resolv.conf
             fi
         fi
+
+        if dpkg --compare-versions "$2" lt-nl "1.14.6-3"; then
+            if [ -f /var/lib/NetworkManager/secret_key ]; then
+                chmod 0600 /var/lib/NetworkManager/secret_key
+            fi
+        fi
         ;;
 
     abort-upgrade|abort-deconfigure|abort-remove)
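Review bot: the comparison version "1.14.6-3" must be the version actually uploaded (the bug title says 1.14.6-2+deb10u1), otherwise the fix-on-upgrade logic is tied to a version that never existed in the archive. The semantics are otherwise right: with lt-nl an empty "$2" (fresh install) counts as newer than any version, so the block runs only on upgrades, where the patched daemon has not had a chance to rewrite the key; the chmod is idempotent, so repeating it on a later update is harmless, and testing -f first is correct because secret_key only exists once the daemon has generated one.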
diff --git a/debian/patches/core-fix-file-permissions-for-var-lib-NetworkManager-secr.patch b/debian/patches/core-fix-file-permissions-for-var-lib-NetworkManager-secr.patch
new file mode 100644
index 000000000..8e51fa6a4
--- /dev/null
+++ b/debian/patches/core-fix-file-permissions-for-var-lib-NetworkManager-secr.patch
@@ -0,0 +1,40 @@
+From: Thomas Haller <thaller@redhat.com>
+Date: Tue, 14 May 2019 13:55:41 +0200
+Subject: core: fix file permissions for "/var/lib/NetworkManager/secret_key"
+
+Ooherwise, the file has wrong permissions:
+
+  # ls -la /var/lib/NetworkManager/secret_key
+  ----r-xr-x. 1 root root 50 May 14 13:52 /var/lib/NetworkManager/secret_key
+
+Luckily, /var/lib/NetworkManager should be already
+
+  # ls -lad /var/lib/NetworkManager
+  drwx------. 2 root root 8192 May 14 13:57 /var/lib/NetworkManager
+
+which mitigates this a bit.
+
+Fixes: dbcb1d6d97c6 ('core: let nm_utils_secret_key_read() handle failures internally')
+
+https://gitlab.freedesktop.org/NetworkManager/NetworkManager/issues/175
+(cherry picked from commit dc3a2f9bc4c35030bcaf9e81953daf7894ab62b6)
+(cherry picked from commit 2d46247c6ac6f89a0b8bac86d684431c07dc6c8e)
+(cherry picked from commit 7a0f8520ffd2173d0912e8cbdd192bc232e92a43)
+(cherry picked from commit 869ac551cff99162fda1eb614bf2c45bfc3e5321)
+---
+ src/nm-core-utils.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/nm-core-utils.c b/src/nm-core-utils.c
+index a65ac63..99a62e6 100644
+--- a/src/nm-core-utils.c
++++ b/src/nm-core-utils.c
+@@ -2896,7 +2896,7 @@ _host_id_read (guint8 **out_host_id,
+ 		} else if (!nm_utils_file_set_contents (SECRET_KEY_FILE,
+ 		                                        (const char *) new_content,
+ 		                                        len,
+-		                                        0077,
++		                                        0600,
+ 		                                        &error)) {
+ 			nm_log_warn (LOGD_CORE, "secret-key: failure to persist secret key in \"%s\" (%s) (use non-persistent key)",
+ 			             SECRET_KEY_FILE, error->message);
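Review bot: the one-line change passes 0600 instead of 0077 to nm_utils_file_set_contents; 0077 looks like a umask value used where a file mode was expected, and with the default umask 022 it yields 0055, which is exactly the ----r-xr-x shown in the commit message's ls output. Because this only changes how new keys are written, an already-generated secret_key keeps its old mode, so the chmod 0600 in postinst is required alongside this patch. Also note that the commit message's mitigation ("/var/lib/NetworkManager should be already" drwx------) held upstream but not for the buster package, where the dirs file created the directory at the default mode; the directory chmod in postinst is what closes that gap, so it is worth keeping both even though the security team rated the issue as not needing a DSA.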
diff --git a/debian/patches/series b/debian/patches/series
index b21e8a16f..5504c0a8a 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -3,3 +3,4 @@ supplicant-fix-setting-pmf-when-the-supplicant-doesn-t-ad.patch
 Force-online-state-with-unmanaged-devices.patch
 Don-t-setup-Sleep-Monitor-if-not-booted-with-systemd.patch
 Don-t-make-NetworkManager-D-Bus-activatable.patch
+core-fix-file-permissions-for-var-lib-NetworkManager-secr.patch

--- End Message ---
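As an added defensive check, not part of Michael's debdiff or of the NetworkManager package, the following POSIX shell script audits a NetworkManager state directory for the two permission problems this upload fixes (secret_key not 0600, directory not 0700) and can apply the same remediation the postinst does; it assumes GNU coreutils `stat -c` is available.

```shell
#!/bin/sh
# Audit a NetworkManager state directory for the permission problem fixed by
# the debdiff above: secret_key must be 0600 and the directory itself 0700.
# Constructed for this page; not part of the Debian package or of upstream.
# Assumption: GNU coreutils stat, so that `stat -c '%a'` prints the octal mode.

# Return 0 (true) when any group/other bit is set in MODE as printed by
# stat -c %a (no leading zero: "55", "755", "4755").
group_or_other_bits() {
    case "$(printf '%03d' "$1")" in
        *00) return 1 ;;
        *)   return 0 ;;
    esac
}

# nm_perm_audit DIR: print one finding per line; exit 0 if private,
# 1 if something is group/other accessible, 2 if DIR is missing.
nm_perm_audit() {
    dir=$1
    rc=0
    [ -d "$dir" ] || { echo "MISSING $dir"; return 2; }
    dmode=$(stat -c '%a' "$dir")
    if group_or_other_bits "$dmode"; then
        echo "WARN $dir is mode $dmode, expected 0700"
        rc=1
    fi
    if [ -f "$dir/secret_key" ]; then
        kmode=$(stat -c '%a' "$dir/secret_key")
        if group_or_other_bits "$kmode"; then
            echo "WARN $dir/secret_key is mode $kmode, expected 0600"
            rc=1
        fi
    fi
    [ "$rc" -eq 0 ] && echo "OK $dir"
    return "$rc"
}

# nm_perm_fix DIR: the same remediation the postinst in the debdiff applies.
nm_perm_fix() {
    chmod 0700 "$1"
    if [ -f "$1/secret_key" ]; then chmod 0600 "$1/secret_key"; fi
}

# Run as a script: audit the real directory (or the one given as $1);
# the exit status is the audit result, so it can be used from a cron job.
case "${0##*/}" in
    nm_perm_audit.sh) nm_perm_audit "${1:-/var/lib/NetworkManager}" ;;
esac
```

Save it as nm_perm_audit.sh and run it as root to audit the live directory; sourcing it from another script only defines the functions.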
--- Begin Message ---
Package: release.debian.org
Version: 10.2

Hi,

The fixes referenced by these bugs were included in today's 10.2 stable
point release.

Regards,

Adam

--- End Message ---
