Re: [pkern@debian.org: Re: Bug#807442: patch]
Hi,
Thanks for the comments on dbginfo.sh.
We added the following patch to restrict access to the
collected data and to remind the customer to review the result.
diff --git a/scripts/dbginfo.sh b/scripts/dbginfo.sh
index d0e2289..b3938a7 100755
--- a/scripts/dbginfo.sh
+++ b/scripts/dbginfo.sh
@@ -857,7 +857,7 @@ environment_setup()
echo
"${DATETIME}" > "${LOCKFILE}"
fi
- if ! mkdir "${WORKPATH}" 2>/dev/null; then
+ if ! mkdir -m 0600 "${WORKPATH}" 2>/dev/null;
then
echo
"${SCRIPTNAME}: Error: Target directory \"${WORKPATH}\"
already exists or"
echo
" \"${WORKDIR_BASE}\" does not exist!"
exit
1
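Review bot: In environment_setup(), `mkdir -m 0600 "${WORKPATH}"` gives the directory read and write permission but no search (x) bit, and a directory cannot be entered without it; the conventional mode for a private directory is 0700. This only works here because the script runs as root, which is not subject to the permission check. Suggest `mkdir -m 0700 "${WORKPATH}"`.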
@@ -879,12 +879,15 @@ create_package()
pr_stdout
" Please check the directory \"${WORKDIR_BASE}\""
pr_stdout
" to provide enough free available space."
else
+
chmod 0600 "${WORKARCHIVE}"
pr_stdout
" "
pr_stdout
"Collected data was saved to:"
pr_stdout
" >> ${WORKARCHIVE} <<"
fi
pr_stdout " "
+ pr_stdout "Review the collected data before sending
to your service organization. "
+ pr_stdout " "
}
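Review bot: In create_package(), `chmod 0600 "${WORKARCHIVE}"` sits in the success branch, so it runs only after the archive has been written; until then the file has whatever mode the umask gave it, and it keeps that mode if the script is interrupted before this line. Setting `umask 0077` before the archive is created would close that window and make the chmod a safety net. The new "Review the collected data ..." message also does not say that the data is sensitive, which was the first point raised in the review.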
> ----- Forwarded message from Philipp Kern <pkern@debian.org> -----
>
> Date: Sun, 13 Dec 2015 15:50:01 +0100
> From: Philipp Kern <pkern@debian.org>
> To: dann frazier <dannf@debian.org>, 807442@bugs.debian.org
> Cc: Hendrik Brueckner <brueckner@linux.vnet.ibm.com>
> Subject: Re: Bug#807442: patch
> Message-ID: <20151213145001.GA5173@home.philkern.de>
>
> On Tue, Dec 08, 2015 at 03:17:49PM -0700, dann frazier wrote:
> > diff -Nru s390-tools-1.32.0/debian/changelog s390-tools-1.32.0/
> debian/changelog
> > --- s390-tools-1.32.0/debian/changelog 2015-10-25 17:12:02.000000000
+0100
> > +++ s390-tools-1.32.0/debian/changelog 2015-12-08 23:14:52.000000000
+0100
> > @@ -1,3 +1,9 @@
> > +s390-tools (1.32.0-2) UNRELEASED; urgency=medium
> > +
> > + * Add dbginfo.sh. (Closes: #807442)
> > +
> > + -- dann frazier <dannf@debian.org> Tue, 08 Dec
2015 22:33:52 +0100
> > +
> > s390-tools (1.32.0-1) unstable; urgency=medium
> >
> > * New upstream release
> > diff -Nru s390-tools-1.32.0/debian/s390-tools.install s390-
> tools-1.32.0/debian/s390-tools.install
> > --- s390-tools-1.32.0/debian/s390-tools.install 2014-07-26
23:
> 59:18.000000000 +0200
> > +++ s390-tools-1.32.0/debian/s390-tools.install 2015-12-08
23:
> 08:30.000000000 +0100
> > @@ -10,6 +10,10 @@
> > /sbin/dasdview
> > /usr/share/man/man8/dasdview.8
> >
> > +# dbginfo.sh
> > +/sbin/dbginfo.sh
> > +/usr/share/man/man1/dbginfo.sh.1
> > +
> > # fdasd
> > /sbin/fdasd
> > /usr/share/man/man8/fdasd.8
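Review bot: The two added paths disagree on the manual section: the script is installed in /sbin next to dasdview and fdasd, whose pages go to man8, but its own page is installed as `/usr/share/man/man1/dbginfo.sh.1`. If the page is shipped as section 1 by upstream it can stay, otherwise section 8 would match the neighbouring entries.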
>
> Three comments:
>
> * dbginfo.sh should tell the user that the information in the tarball
>   is sensitive.
> * The resulting tarball should be 0600 by default. (The script needs
>   to run as root anyway, but placing the result world-readable in
>   /tmp does not seem smart.)
> * Unless this is expected to be in /sbin, given that it's user
>   invoked and not usually scripted, should this be in /usr/sbin
>   instead?
>
> Kind regards and thanks
> Philipp Kern
>
>
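The second review comment (the tarball should be 0600 by default) can also be met by restricting the umask before anything is created, so the archive is never readable by other users, not even briefly. This is an added example, not code from dbginfo.sh or s390-tools; the function names `collect_private` and `mode_of` and the `DBGINFO-XXXXXX` name template are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not part of dbginfo.sh. All names below are hypothetical.

# mode_of PATH: print the 10-character mode string, e.g. "-rw-------".
mode_of() {
    ls -ld "$1" | cut -c1-10
}

# collect_private BASE FILE...
# Copies the FILEs into a private work directory under BASE, packs them
# into BASE/DBGINFO-XXXXXX.tgz and prints the archive path.
# The body runs in a subshell so the umask change does not leak to the caller.
collect_private() (
    base=$1
    shift
    # Everything created from here on is owner-only from the moment it exists.
    umask 077
    # mktemp -d picks an unpredictable name and fails if it already exists.
    work=$(mktemp -d "${base}/DBGINFO-XXXXXX") || exit 1
    for f in "$@"; do
        cp "$f" "${work}/" 2>/dev/null || echo "skipped: $f" >&2
    done
    archive="${work}.tgz"
    # tar creates the archive under umask 077, so no later chmod is needed.
    tar -czf "${archive}" -C "${base}" "$(basename "${work}")" || exit 1
    rm -rf "${work}"
    printf '%s\n' "${archive}"
)
```

Called as `collect_private /tmp /proc/cpuinfo /proc/meminfo`, it prints the path of an archive with mode 0600 whatever umask the caller had.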