Your message dated Sun, 03 Apr 2005 17:02:31 -0400
with message-id <[EMAIL PROTECTED]>
and subject line Bug#295681: fixed in tramp 1:2.0.48-1
has caused the attached Bug report to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere.  Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)

--------------------------------------
Received: (at submit) by bugs.debian.org; 17 Feb 2005 12:41:59 +0000
>From [EMAIL PROTECTED] Thu Feb 17 04:41:59 2005
Return-path: <[EMAIL PROTECTED]>
Received: from pooh.kjernsmo.net [217.77.32.186] 
        by spohr.debian.org with esmtp (Exim 3.35 1 (Debian))
        id 1D1kyl-0002NN-00; Thu, 17 Feb 2005 04:41:59 -0800
Received: from [80.254.47.36] (helo=localhost)
        by pooh.kjernsmo.net with esmtp (Exim 4.34)
        id 1D1kyG-0003iz-6M; Thu, 17 Feb 2005 13:41:28 +0100
Received: from kjetil by localhost with local (Exim 3.36 #1 (Debian))
        id 1D1kxk-0001xO-00; Thu, 17 Feb 2005 13:40:56 +0100
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
From: Kjetil Kjernsmo <[EMAIL PROTECTED]>
To: Debian Bug Tracking System <[EMAIL PROTECTED]>
Subject: tramp: TRAMP uses user's umask for temporary files?
X-Mailer: reportbug 3.2
Date: Thu, 17 Feb 2005 13:40:55 +0100
Message-Id: <[EMAIL PROTECTED]>
Sender: Kjetil Kjernsmo <[EMAIL PROTECTED]>
Delivered-To: [EMAIL PROTECTED]
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02 
        (1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Status: No, hits=-8.0 required=4.0 tests=BAYES_00,HAS_PACKAGE 
        autolearn=no version=2.60-bugs.debian.org_2005_01_02
X-Spam-Level: 

Package: tramp
Version: 1:2.0.47-1
Severity: normal
Tags: security

I just noticed that when I edited a buffer /su::/etc/apache/axkit.conf,
a file /tmp/#axkit.conf# was created. axkit.conf is owned by root:root
on my system, and is readable only to root:
-rw-------    1 root   root    4901 Feb 17 12:39 axkit.conf
I don't want the contents of that file exposed... :-)

The problem is that the temporary file gets a different set of
permissions:
-rw-r--r--  1 kjetil   kjetil    4900 Feb 17 13:00 #axkit.conf#
It gets the default permissions of my user. 

This seems to have security implications to me. The contents of this
file are now easily accessible to any local user. 

I guess it would be OK to make the file readable and writable only to the
local user by default. This user has already legitimately accessed the
file, so that should be OK. 

I'm submitting this only as severity normal, as I'm not confident it is
a bug, it could be that I have a flawed understanding. If it is a bug it
would be the first time I find a security problem! :-) What do others
think?

Kjetil

-- System Information:
Debian Release: 3.1
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: i386 (i686)
Kernel: Linux 2.6.8-2005-01-27.roo.1
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)

Versions of packages tramp depends on:
ii  emacs21 [emacsen]             21.3+1-8   The GNU Emacs editor

-- no debconf information
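
The permission difference described in the report above, as an added example (not TRAMP code, which is Emacs Lisp, and not the change shipped in 2.0.48): a scratch copy created with the default mode under umask 022 ends up world-readable, while one created with an explicit 0600 does not. All function names and the sample contents are constructed for illustration.

```python
import os
import stat
import tempfile

def mode_of(path):
    """Permission bits of path, e.g. 0o644."""
    return stat.S_IMODE(os.lstat(path).st_mode)

def write_scratch_naive(directory, name, data):
    """Reported behaviour: the local copy gets whatever the umask leaves."""
    path = os.path.join(directory, "#%s#" % name)
    with open(path, "wb") as fh:          # asks for 0o666; umask 022 -> 0o644
        fh.write(data)
    return path

def write_scratch_private(directory, name, data):
    """Owner-only copy: 0o600 requested at creation, existing paths refused."""
    path = os.path.join(directory, "#%s#" % name)
    flags = os.O_WRONLY | os.O_CREAT | os.O_EXCL | getattr(os, "O_NOFOLLOW", 0)
    fd = os.open(path, flags, 0o600)      # umask can only clear bits, not add
    with os.fdopen(fd, "wb") as fh:
        fh.write(data)
    return path

def find_exposed(directory):
    """Names of regular files in directory that group or others can access."""
    wide = stat.S_IRWXG | stat.S_IRWXO
    hits = []
    for entry in os.scandir(directory):
        st = entry.stat(follow_symlinks=False)
        if stat.S_ISREG(st.st_mode) and st.st_mode & wide:
            hits.append(entry.name)
    return sorted(hits)

def demo():
    """Run both writers under umask 022 in a throwaway directory."""
    data = b"constructed sample, stands in for a root-only config file\n"
    old = os.umask(0o022)                 # common default, matches the report
    try:
        with tempfile.TemporaryDirectory() as d:
            naive = write_scratch_naive(d, "axkit.conf", data)
            private = write_scratch_private(d, "other.conf", data)
            return mode_of(naive), mode_of(private), find_exposed(d)
    finally:
        os.umask(old)

if __name__ == "__main__":
    print(demo())
```

`find_exposed` can be pointed at a shared temporary directory to list scratch copies that were left group- or world-accessible.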

---------------------------------------
Received: (at 295681-close) by bugs.debian.org; 3 Apr 2005 21:12:45 +0000
>From [EMAIL PROTECTED] Sun Apr 03 14:12:45 2005
Return-path: <[EMAIL PROTECTED]>
Received: from gluck.debian.org [192.25.206.10] 
        by spohr.debian.org with esmtp (Exim 3.35 1 (Debian))
        id 1DICOj-0007lW-00; Sun, 03 Apr 2005 14:12:45 -0700
Received: from newraff.debian.org [208.185.25.31] (mail)
        by gluck.debian.org with esmtp (Exim 3.35 1 (Debian))
        id 1DICOi-0003yn-00; Sun, 03 Apr 2005 15:12:44 -0600
Received: from katie by newraff.debian.org with local (Exim 3.35 1 (Debian))
        id 1DICEp-0001W0-00; Sun, 03 Apr 2005 17:02:31 -0400
From: Jerome Marant <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
X-Katie: $Revision: 1.55 $
Subject: Bug#295681: fixed in tramp 1:2.0.48-1
Message-Id: <[EMAIL PROTECTED]>
Sender: Archive Administrator <[EMAIL PROTECTED]>
Date: Sun, 03 Apr 2005 17:02:31 -0400
Delivered-To: [EMAIL PROTECTED]
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02 
        (1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Status: No, hits=-6.0 required=4.0 tests=BAYES_00,HAS_BUG_NUMBER 
        autolearn=no version=2.60-bugs.debian.org_2005_01_02
X-Spam-Level: 

Source: tramp
Source-Version: 1:2.0.48-1

We believe that the bug you reported is fixed in the latest version of
tramp, which is due to be installed in the Debian FTP archive:

tramp_2.0.48-1.diff.gz
  to pool/main/t/tramp/tramp_2.0.48-1.diff.gz
tramp_2.0.48-1.dsc
  to pool/main/t/tramp/tramp_2.0.48-1.dsc
tramp_2.0.48-1_all.deb
  to pool/main/t/tramp/tramp_2.0.48-1_all.deb
tramp_2.0.48.orig.tar.gz
  to pool/main/t/tramp/tramp_2.0.48.orig.tar.gz



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Jerome Marant <[EMAIL PROTECTED]> (supplier of updated tramp package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Sun,  3 Apr 2005 22:48:11 +0200
Source: tramp
Binary: tramp
Architecture: source all
Version: 1:2.0.48-1
Distribution: unstable
Urgency: medium
Maintainer: Jerome Marant <[EMAIL PROTECTED]>
Changed-By: Jerome Marant <[EMAIL PROTECTED]>
Description: 
 tramp      - remote file access in Emacs
Closes: 295681 299735
Changes: 
 tramp (1:2.0.48-1) unstable; urgency=medium
 .
   * New upstream release. Closes: Bug#295681, Bug#299735.
Files: 
 1df780c3a16b3023e0ea243468ef7e30 601 editors optional tramp_2.0.48-1.dsc
 d6efe76ad2c2445befaeaa46976aa29c 294643 editors optional tramp_2.0.48.orig.tar.gz
 1cab8a6c8f274694c61cf6f2d88f6975 7760 editors optional tramp_2.0.48-1.diff.gz
 a121b656b45108875fc58275ab7ca2fd 255968 editors optional tramp_2.0.48-1_all.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.0 (GNU/Linux)

iD8DBQFCUFiy3JE9mF3wMWcRAiSMAJ9K2nRHe8vbofS4zBXNIBs8yNqLOQCeOeZt
8UVNahqFTdVXy2gCmbL9+bw=
=vsR3
-----END PGP SIGNATURE-----

