Re: Bug#852172: dpkg: insecure use of temp file when upgrading conf file

To: Ben <bdejean@gmail.com>
Cc: Guillem Jover <guillem@debian.org>, 852172-close@bugs.debian.org, openssh-server@packages.debian.org, ucf@packages.debian.org
Subject: Re: Bug#852172: dpkg: insecure use of temp file when upgrading conf file
From: Colin Watson <cjwatson@debian.org>
Date: Tue, 24 Jan 2017 11:49:45 +0000
Message-id: <[🔎] 20170124114945.GU20455@riva.ucam.org>
In-reply-to: <[🔎] CAAuy3ir73ncmu7PMO2Xb2-bEJXbkJTB+ttkXSumeHr7+D5hOhA@mail.gmail.com>
References: <148508261948.31444.14501303669137403312.reportbug@powerbook> <[🔎] 20170122115737.7vkuewcgro6tdd2c@gaara.hadrons.org> <[🔎] 20170122124542.GO20455@riva.ucam.org> <[🔎] CAAuy3ir73ncmu7PMO2Xb2-bEJXbkJTB+ttkXSumeHr7+D5hOhA@mail.gmail.com>

On Sun, Jan 22, 2017 at 01:50:29PM +0100, Ben wrote:
> what if then I decide to mv it to replace mine ?

That will probably cause ucf to fail; the temporary file is only meant
as input to ucf.  ucf then tends to leave .ucf-* files around if it had
to do anything complicated.

> what was wrong with the previous scheme (write the packaged version of the
> file within the same directory) ?

No, the previous scheme was in fact to not keep sshd_config up to date
at all, except for some manual adjustments made by ad-hoc perl scripts
in the postinst.  This had any number of things wrong with it.

> I'm not a security expert, if you say it's safe and there's nothing to
> worry about, that's fine with me.

It's safe and there's nothing to worry about. :-)  In fact sshd_config
is normally world-readable (and it is thus on all my systems); an
installation with particularly complicated authorisation rules that they
want to keep secret might want to restrict its permissions, but
otherwise it isn't a problem.

Closing the bug with this message.

Thanks,

-- 
Colin Watson                                       [cjwatson@debian.org]

Reply to:

References:
- Re: Bug#852172: dpkg: insecure use of temp file when upgrading conf file
  - From: Guillem Jover <guillem@debian.org>
- Re: Bug#852172: dpkg: insecure use of temp file when upgrading conf file
  - From: Colin Watson <cjwatson@debian.org>
- Re: Bug#852172: dpkg: insecure use of temp file when upgrading conf file
  - From: Ben <bdejean@gmail.com>

Prev by Date: Bug#852400: openssh-server: Strategy used for HostKey options in sshd_config
Next by Date: Bug#852320: openssh-server: install script sliently override config
Previous by thread: Re: Bug#852172: dpkg: insecure use of temp file when upgrading conf file
Next by thread: openssh-server (7.4p1-6) regression in setting PermitRootLogin (yes instead of
Index(es):
- Date
- Thread