Your message dated Sun, 2 Aug 2009 01:09:17 -0700
with message-id <[email protected]>
and subject line Re: debsums: Calls File::Path::rmtree without using the safe word
has caused the Debian Bug report #487317,
regarding debsums: Calls File::Path::rmtree without using the safe word
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
487317: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=487317
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: debsums
Version: 5.10.0-10
Severity: critical
Tags: security
Justification: root security hole
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On Fri, 2008-06-20 at 23:26 +0200, Cyril Brulebois wrote:
> Frans Pop <[email protected]> (20/06/2008):
> > $ sudo aptitude reinstall ncurses-base
> > $ ls -l /lib/terminfo/*/*
> > -rwxrwxrwx 1 root root 1481 2008-06-16 22:40 /lib/terminfo/a/ansi
> > -rwxrwxrwx 1 root root 1502 2008-06-16 22:40 /lib/terminfo/c/cons25
> > -rwxrwxrwx 1 root root 1529 2008-06-16 22:40 /lib/terminfo/c/cygwin
> > -rwxrwxrwx 1 root root 308 2008-06-16 22:40 /lib/terminfo/d/dumb
> > [...]
>
> Maybe you could provide us with the part of your dpkg.log relative to
> that particular “aptitude reinstall” run, maybe there are some leads
> there.
>
> You could also strace it, following its children.
debsums is doing it:
32321 execve("/usr/bin/debsums", ["/usr/bin/debsums", "--generate=nocheck", "-sp", "/var/cache/apt/archives"], [/* 18 vars */]) = 0
...
32321 lstat64("wsvt25", {st_mode=S_IFLNK|0777, st_size=22, ...}) = 0
32321 chmod("wsvt25", 0777) = 0
32321 lstat64("wsvt25", {st_mode=S_IFLNK|0777, st_size=22, ...}) = 0
32321 unlink("wsvt25") = 0
It looks like it's unpacking the archive under /tmp, generating
checksums, then deleting the files as it goes. Before unlinking it uses
chmod, presumably to ensure the unlink will succeed. But chmod follows
sym-links, and these sym-links are absolute so it chmods the installed
files!
...and a little investigation shows debsums is just using File::Path::rmtree.
Ben.
-- System Information:
Debian Release: lenny/sid
APT prefers unstable
APT policy: (500, 'unstable'), (500, 'stable'), (100, 'experimental')
Architecture: i386 (i686)
Kernel: Linux 2.6.25-2-686 (SMP w/1 CPU core)
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash
Versions of packages debsums depends on:
ii debconf [debconf-2.0] 1.5.22 Debian configuration management sy
ii perl 5.10.0-10 Larry Wall's Practical Extraction
debsums recommends no packages.
-- debconf information:
debsums/apt-autogen: true
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
iD8DBQFIXDED79ZNCRIGYgcRAjqKAKCx2e/tBqjv0VSxmshtCgLwddKKyACghswA
pcsZLTltsPcRMAmBiBW4q0s=
=FSgb
-----END PGP SIGNATURE-----
--- End Message ---
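The hazard Ben describes (lstat reports S_IFLNK, chmod is issued anyway, and chmod(2) follows the link to the installed file) generalises to any tree remover that relaxes an entry's mode before unlinking it. The Perl below is an added illustration written for this page; it is not debsums or File::Path code, and the names naive_rmtree, safe_rmtree and demo are made up for the example. It builds a scratch tree containing an absolute symlink to a file outside that tree, removes the tree with a chmod-then-unlink remover, and then with one that lstat()s every entry and never chmods anything it is about to unlink (unlink(2) only needs write permission on the parent directory, so the chmod is unnecessary as well as unsafe). The mode of the link target afterwards shows the difference.

```perl
#!/usr/bin/perl
# Added example (not debsums or File::Path code): chmod-before-unlink in a
# tree remover follows absolute symlinks and alters files outside the tree.
use strict;
use warnings;
use File::Temp qw(tempdir);
use File::Spec;
use Fcntl qw(:mode);

# Remover in the style the bug report describes: relax the mode of every
# entry before unlinking it, without checking whether it is a symlink.
sub naive_rmtree {
    my ($dir) = @_;
    opendir(my $dh, $dir) or die "opendir $dir: $!";
    for my $name (grep { $_ ne '.' && $_ ne '..' } readdir $dh) {
        my $path = File::Spec->catfile($dir, $name);
        if (-d $path && !-l $path) {
            naive_rmtree($path);
            next;
        }
        chmod 0777, $path;          # BUG: chmod(2) follows the symlink
        unlink $path or die "unlink $path: $!";
    }
    closedir $dh;
    rmdir $dir or die "rmdir $dir: $!";
}

# Hardened remover: lstat every entry, never chmod anything that is about
# to be unlinked (unlink needs write permission on the directory, not on
# the file), and only loosen the mode of a real directory we own so that
# we can descend into it.
sub safe_rmtree {
    my ($dir) = @_;
    my @st = lstat $dir or die "lstat $dir: $!";
    die "refusing to treat symlink $dir as a directory" if S_ISLNK($st[2]);
    die "$dir is not a directory" unless S_ISDIR($st[2]);
    chmod(($st[2] & 07777) | 0700, $dir) if (($st[2] & 0700) != 0700);
    opendir(my $dh, $dir) or die "opendir $dir: $!";
    for my $name (grep { $_ ne '.' && $_ ne '..' } readdir $dh) {
        my $path = File::Spec->catfile($dir, $name);
        my @est = lstat $path or die "lstat $path: $!";
        if (S_ISDIR($est[2])) {     # a real directory, not a link to one
            safe_rmtree($path);
        } else {                    # file, symlink, fifo, ...: just unlink
            unlink $path or die "unlink $path: $!";
        }
    }
    closedir $dh;
    rmdir $dir or die "rmdir $dir: $!";
}

# Constructed scenario: an "installed" file outside the scratch tree and an
# absolute symlink to it inside the scratch tree, as in the unpacked
# terminfo directory from the report. Returns the target's mode afterwards.
sub demo {
    my ($remover) = @_;
    my $root   = tempdir(CLEANUP => 1);
    my $target = File::Spec->catfile($root, 'installed_file');
    open(my $fh, '>', $target) or die "create $target: $!";
    close $fh;
    chmod 0644, $target;

    my $scratch = File::Spec->catdir($root, 'scratch');
    mkdir $scratch or die "mkdir $scratch: $!";
    symlink($target, File::Spec->catfile($scratch, 'link_to_installed'))
        or die "symlink: $!";

    $remover->($scratch);
    return (lstat $target)[2] & 07777;
}

printf "naive_rmtree: target mode is now %04o\n", demo(\&naive_rmtree);
printf "safe_rmtree:  target mode is now %04o\n", demo(\&safe_rmtree);
```

Run it as an unprivileged user; the scratch tree lives under a File::Temp directory. The naive remover leaves installed_file world-writable (the chmod went through the link), while the hardened one leaves it at 0644 because it never chmods an entry it is about to unlink. If the tree may contain entries owned by other users, the one chmod that remains (on a directory we cannot descend into) should additionally be guarded by an ownership check on the lstat result.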
--- Begin Message ---
I think that debsums' usage for rmtree is okay.
--
_________________________
Ryan Niebur
[email protected]
--- End Message ---