Your message dated Sun, 12 May 2019 22:02:45 +0200 with message-id <4e1720d9-9989-06f4-9ad9-1821e6083d9b@debian.org> and subject line Re: Bug#928418: unblock: preapproval: corekeeper/1.7 has caused the Debian Bug report #928418, regarding unblock: preapproval: corekeeper/1.7 to be marked as done.

This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact owner@bugs.debian.org immediately.)

--
928418: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=928418
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message ---
- To: Debian Bug Tracking System <submit@bugs.debian.org>
- Subject: unblock: preapproval: corekeeper/1.7
- From: Paul Wise <pabs@debian.org>
- Date: Sat, 04 May 2019 15:06:10 +0800
- Message-id: <b0679b6eb922d206cf76fd7bbea0388c5ee21ec7.camel@debian.org>
Package: release.debian.org Severity: normal User: release.debian.org@packages.debian.org Usertags: unblock I would like to fix some issues in corekeeper reported by Jakub Wilk. unblock corekeeper/1.7 -- bye, pabs https://wiki.debian.org/PaulWisediff -Nru corekeeper-1.6/debian/changelog corekeeper-1.7/debian/changelog --- corekeeper-1.6/debian/changelog 2015-11-12 00:44:29.000000000 +0800 +++ corekeeper-1.7/debian/changelog 2019-05-04 14:53:44.000000000 +0800 @@ -1,3 +1,16 @@ +corekeeper (1.7) unstable; urgency=medium + + * Do not use a world-writable /var/crash with the dumper script + and fix the permissions on upgrade as dpkg doesn't do that. + (Closes: #924397) (See-also: #515211) + * Handle older versions of the Linux kernel in a safer way + (Closes: #924398) + * Harden ownership determination and core file names + * Do not truncate core names for executables with spaces + * Update VCS URLs from alioth to salsa + + -- Paul Wise <pabs@debian.org> Sat, 04 May 2019 14:53:44 +0800 + corekeeper (1.6) unstable; urgency=medium * Prevent installation with other core dump handlers: diff -Nru corekeeper-1.6/debian/control corekeeper-1.7/debian/control --- corekeeper-1.6/debian/control 2015-11-11 22:19:31.000000000 +0800 +++ corekeeper-1.7/debian/control 2019-05-04 14:53:44.000000000 +0800 @@ -5,8 +5,8 @@ Build-Depends: debhelper (>= 9) Standards-Version: 3.9.6 -Vcs-Git: git://anonscm.debian.org/collab-maint/corekeeper.git -Vcs-Browser: http://anonscm.debian.org/gitweb/?p=collab-maint/corekeeper.git +Vcs-Git: https://salsa.debian.org/debian/corekeeper.git +Vcs-Browser: https://salsa.debian.org/debian/corekeeper Package: corekeeper Architecture: kfreebsd-any linux-any diff -Nru corekeeper-1.6/debian/copyright corekeeper-1.7/debian/copyright --- corekeeper-1.6/debian/copyright 2013-11-22 10:23:37.000000000 +0800 +++ corekeeper-1.7/debian/copyright 2019-05-04 14:53:44.000000000 +0800 
@@ -1,7 +1,7 @@ Format: http://www.debian.org/doc/packaging-manuals/copyright-format/1.0/ Upstream-Name: corekeeper Upstream-Contact: Paul Wise <pabs@debian.org> -Source: git://anonscm.debian.org/collab-maint/corekeeper.git +Source: https://salsa.debian.org/debian/corekeeper.git Comment: original package by Ben Pfaff has been rewritten Files: * diff -Nru corekeeper-1.6/debian/corekeeper.lintian-overrides corekeeper-1.7/debian/corekeeper.lintian-overrides --- corekeeper-1.6/debian/corekeeper.lintian-overrides 2013-11-22 10:23:42.000000000 +0800 +++ corekeeper-1.7/debian/corekeeper.lintian-overrides 2019-05-04 13:57:59.000000000 +0800 @@ -1,6 +1,6 @@ # /var/crash is intentionally world-writable to allow for # centralized core dumps. -non-standard-dir-perm +[kfreebsd-any]: non-standard-dir-perm # The postrm script checks if systemd is running before # using the systemctl command diff -Nru corekeeper-1.6/debian/corekeeper.postinst.linux corekeeper-1.7/debian/corekeeper.postinst.linux --- corekeeper-1.6/debian/corekeeper.postinst.linux 2013-04-25 14:49:30.000000000 +0800 +++ corekeeper-1.7/debian/corekeeper.postinst.linux 2019-05-04 14:53:44.000000000 +0800 @@ -4,4 +4,11 @@ # Activate the sysctl settings [ $1 != configure ] || sysctl --quiet --load="/etc/sysctl.d/corekeeper.conf" +# Set /var/crash to not be world writable +# to prevent crashes being able to write arbitrary files +[ "$1" = configure ] && +dpkg --compare-versions "$2" le-nl 1.6 && +! dpkg-statoverride --list /var/crash && +chmod 0755 /var/crash + #DEBHELPER# diff -Nru corekeeper-1.6/debian/dump corekeeper-1.7/debian/dump --- corekeeper-1.6/debian/dump 2013-04-25 16:01:53.000000000 +0800 +++ corekeeper-1.7/debian/dump 2019-05-04 14:47:56.000000000 +0800 
@@ -19,7 +19,9 @@ # because Linux does not create directories when dumping core files # and it is apparently painful to do that from within Linux. # -# Thanks for the security audit go to Kees Cook <kees@debian.org>! +# Thanks for the security audits go to: +# Jakub Wilk <jwilk@jwilk.net> +# Kees Cook <kees@debian.org> set -e 
@@ -28,34 +30,77 @@ exit 1 fi -# Check how many arguments the kernel sent us. -if [ $# -eq 2 ] ; then - # Awww, old kernel that does not support %d - # Cannot set the core file owner safely, use root - # See v3.6-6800-g12a2b4b in linux.git for more info - uid="$1" - core="$2" - owner="0" -elif [ $# -eq 3 ] ; then - # Yay! A kernel that does support %d - uid="$2" - core="$3" - owner="$2" - # Set the core file owner safely - if [ $1 -eq 2 ] ; then - owner="0" - fi -else - # Something is majorly broken. - echo "This script should be run with three arguments and a core file on stdin" 1>&2 - exit 1 -fi +case "$1" in + (--*) + # Option based command-line + while [ $# -gt 0 ] ; do + case "$1" in + (--dumpable) + # Old Linux kernels do not support %d + # use the safest dumpable option there + case "$2" in + (--*) dumpable=2; shift;; + (*) dumpable="$2"; shift 2;; + esac + ;; + (--owner) owner="$2"; shift 2;; + (--limit) limit="$2"; shift 2;; + # Use remaining arguments for core name + (--core) shift; core="$*.core"; break;; + (*) + echo "Unknown option: $1" 1>&2 + exit 1 + ;; + esac + done + ;; + (*[!0-9]*|'') + echo "Unknown or missing arguments" 1>&2 + exit 1 + ;; + (*) + # Dumpable, owner and core file based command-line + case "$2" in + # Old Linux kernels do not support %d + # use the safest dumpable option there + (*[!0-9]*|'') dumpable=2 ;; + (*) dumpable="$1"; shift ;; + esac + owner="$1"; shift + core="$*" + ;; +esac + +# Set the core file owner safely +SUID_DUMP_DISABLE=0 +SUID_DUMP_USER=1 +SUID_DUMP_ROOT=2 +case "$dumpable" in + ("$SUID_DUMP_DISABLE") exit 0;; + ("$SUID_DUMP_USER") ;; + ("$SUID_DUMP_ROOT"|*) owner=0;; +esac -# The exclamation marks are shell metacharacters -core="$(echo "$core" | tr '!' 
'-')" +# Convert potentially unsafe characters to a safe character +core="$(printf '%s' "$core" | tr -c '[:alnum:]+._-' '-')" umask 0077 mkdir -p "/var/crash/$owner" chown "$owner" "/var/crash/$owner" -owner="$owner" core="$core" \ - su -s /bin/sh -c '/bin/cat > /var/crash/"$owner"/"$core"' \ - "$(getent passwd "$owner" | cut -d: -f1)" +case "$limit" in + # Core dump is not numeric, no nothing + (*[!0-9]*) ;; + # Core dump limit is empty, write full dump + ('') + owner="$owner" core="$core" \ + su -s /bin/sh -c '/bin/cat > /var/crash/"$owner"/"$core"' \ + "$(getent passwd "$owner" | cut -d: -f1)" + ;; + # Core dump limit is non-zero, restrict dump size + (*[!0]*) + owner="$owner" core="$core" limit="$limit" \ + su -s /bin/sh -c 'head -c "$limit" > /var/crash/"$owner"/"$core"' \ + "$(getent passwd "$owner" | cut -d: -f1)" + ;; + # Core dumping is disabled, no nothing + (*) ;; +esac diff -Nru corekeeper-1.6/debian/rules corekeeper-1.7/debian/rules --- corekeeper-1.6/debian/rules 2015-11-11 21:59:07.000000000 +0800 +++ corekeeper-1.7/debian/rules 2019-05-04 14:53:44.000000000 +0800 @@ -10,7 +10,7 @@ override_dh_fixperms: dh_fixperms - chmod 1777 debian/corekeeper/var/crash + if [ ! -e $(script) ] ; then chmod 1777 debian/corekeeper/var/crash ; fi if [ -e $(script) ] ; then chmod 0755 $(script) ; fi override_dh_installinit: diff -Nru corekeeper-1.6/debian/sysctl-linux/corekeeper.conf corekeeper-1.7/debian/sysctl-linux/corekeeper.conf --- corekeeper-1.6/debian/sysctl-linux/corekeeper.conf 2015-11-04 18:57:15.000000000 +0800 +++ corekeeper-1.7/debian/sysctl-linux/corekeeper.conf 2019-05-04 14:53:44.000000000 +0800 
@@ -4,8 +4,11 @@ # Non-root users can see that something crashed, no way to fix that. # It requires Linux 3.7-rc1, see v3.6-6800-g12a2b4b in linux.git for info. # If you use it with an earlier kernel then only root can access core dumps. -# If you don't want to use it, comment core_pattern below and uncomment this: +# If you don't want to use it, comment core_pattern below, dpkg-statoverride +# /var/crash to mode 1777 and uncomment this alternate core_pattern: #kernel.core_pattern = /var/crash/%p-%u-%g-%s-%t-%h-%E.core -kernel.core_pattern = |/usr/lib/corekeeper/dump %d %u %p-%u-%g-%s-%t-%h-%E.core +# When switching back to the default core pattern use mode 0755 for /var/crash +# as it is unsafe to use the dumper with a world-writable directory. +kernel.core_pattern = |/usr/lib/corekeeper/dump --dumpable %d --owner %u --limit %c --core %p-%u-%g-%s-%t-%h-%E kernel.core_uses_pid = 1 fs.suid_dumpable = 2Attachment: signature.asc
Description: This is a digitally signed message part
--- End Message ---
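Review bot: The comment kept above the override in debian/corekeeper.lintian-overrides is now stale. It still says /var/crash is intentionally world-writable, while the override is limited to [kfreebsd-any] and the Linux postinst sets the directory to 0755. Reword the comment to say the directory is world-writable only where the dumper script is not installed, so the override and its justification agree.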
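Review bot: In debian/corekeeper.postinst.linux the `dpkg-statoverride --list /var/crash` test leaves its stdout connected, so on a system with a local override the matching entry is printed during the upgrade; redirect it to /dev/null, since only the exit status is used. The unchanged line above still tests an unquoted `$1` while the new test quotes it, and quoting both would keep the script consistent. A short comment that `le-nl` treats an empty `$2` as later than any version, so a fresh install skips the chmod, would also help the next reader.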
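Review bot: In the option-based branch of debian/dump, the value given to `--owner` is used without a check, while the positional branch rejects an empty or non-numeric first argument. `owner` then goes straight into `mkdir -p "/var/crash/$owner"` and `chown`, and it stays unset if `--owner` is missing from the command line. Apply the same `(*[!0-9]*|'')` test to `owner` before the mkdir and exit with an error if it matches. In the final case statement, the comments "Core dump is not numeric, no nothing" and "Core dumping is disabled, no nothing" look like typos for "Core dump limit is not numeric, do nothing" and "Core dumping is disabled, do nothing".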
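Review bot: The new condition in override_dh_fixperms in debian/rules depends on `$(script)`, which is defined outside this hunk, to decide whether /var/crash ships with mode 1777. A one-line comment stating that the directory stays world-writable only when the dumper script is not installed would make the intent clear. The two `if` lines could also be merged into a single if/else on `[ -e $(script) ]`.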
--- Begin Message ---
- To: Paul Wise <pabs@debian.org>, 928418-done@bugs.debian.org
- Subject: Re: Bug#928418: unblock: preapproval: corekeeper/1.7
- From: Paul Gevers <elbrus@debian.org>
- Date: Sun, 12 May 2019 22:02:45 +0200
- Message-id: <4e1720d9-9989-06f4-9ad9-1821e6083d9b@debian.org>
- In-reply-to: <c57f55c374a9b336d66aa8301c8835efadc747a7.camel@debian.org>
- References: <b0679b6eb922d206cf76fd7bbea0388c5ee21ec7.camel@debian.org> <b0679b6eb922d206cf76fd7bbea0388c5ee21ec7.camel@debian.org> <240d315b-4fc2-9e08-11b1-b661f80c55cb@debian.org> <b0679b6eb922d206cf76fd7bbea0388c5ee21ec7.camel@debian.org> <c57f55c374a9b336d66aa8301c8835efadc747a7.camel@debian.org>
Hi Paul,

On 12-05-2019 06:59, Paul Wise wrote:
> Uploaded and built by the buildds.

Unblocked, thanks.

Paul

Attachment: signature.asc
Description: OpenPGP digital signature
--- End Message ---