Bug#1022568: RFS: ipmiutil/3.1.8-3 -- IPMI management utilities

To: debian@jff.email, 1022568@bugs.debian.org
Subject: Bug#1022568: RFS: ipmiutil/3.1.8-3 -- IPMI management utilities
From: Adam Borowski <kilobyte@angband.pl>
Date: Mon, 24 Oct 2022 12:27:36 +0200
Message-id: <[🔎] Y1ZomA7jY2xkY2WR@angband.pl>
Reply-to: Adam Borowski <kilobyte@angband.pl>, 1022568@bugs.debian.org
In-reply-to: <[🔎] 8b8de72998aae7ea82e5f28b7c99c33264465193.camel@jff.email>
References: <[🔎] 8b8de72998aae7ea82e5f28b7c99c33264465193.camel@jff.email> <[🔎] 8b8de72998aae7ea82e5f28b7c99c33264465193.camel@jff.email>

On Mon, Oct 24, 2022 at 08:55:59AM +0200, Jörg Frings-Fürst wrote:
>  ipmiutil (3.1.8-3) unstable; urgency=medium
>  .
>    * debian/patches/0705-crontab.patch: Fix overwrite binary (Closes: #1022240).

* * * * *  root  $prog -r > /tmp/wdt.lastrun 2&>1

Could you please pick a location that's not writeable by any unprivileged
user?

While dropping a symlink there is less fun if fs.protected_symlinks is 1
(it is by default on Debian), that setting might be for some reason off
-- and even if it's on, merely disabling monitoring is still a vuln.


Meow!
-- 
⢀⣴⠾⠻⢶⣦⠀
⣾⠁⢠⠒⠀⣿⡁
⢿⡄⠘⠷⠚⠋⠀ Quis trollabit ipsos trollos?
⠈⠳⣄⠀⠀⠀⠀

Reply to:

Follow-Ups:
- Bug#1022568: RFS: ipmiutil/3.1.8-3 -- IPMI management utilities
  - From: Jörg Frings-Fürst <debian@jff.email>

References:
- Bug#1022568: RFS: ipmiutil/3.1.8-3 -- IPMI management utilities
  - From: Jörg Frings-Fürst <debian@jff.email>

Prev by Date: Bug#1022552: marked as done (RFS: cglm/0.8.6-1 -- Optimized OpenGL Mathematics library for C)
Next by Date: Bug#1022568: RFS: ipmiutil/3.1.8-3 -- IPMI management utilities
Previous by thread: Bug#1022568: RFS: ipmiutil/3.1.8-3 -- IPMI management utilities
Next by thread: Bug#1022568: RFS: ipmiutil/3.1.8-3 -- IPMI management utilities
Index(es):
- Date
- Thread