Your message dated Fri, 08 Sep 2017 18:36:41 +0000
with message-id <[email protected]>
and subject line Bug#873365: fixed in radlib 2.12.0-5
has caused the Debian Bug report #873365,
regarding librad0: radUtilsBecomeDaemon should not set umask(0)
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
873365: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=873365
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: librad0
Version: 2.12.0-4
Severity: normal

Dear Maintainer,

Thanks for packaging radlib!  As a wview user it's nice to see one of
its dependencies added to the official repos.

I recently realized that wview creates most files world-writable, which
is a pretty big security issue.  The cause is the radlib
radUtilsBecomeDaemon function unconditionally calling umask(0) after
fork() and none of the wview daemons call umask with a sane value after
that.  This is radlib issue #2 which was opened in 2011 and hasn't
received any comment.[1]

I was hoping you might be willing to carry a patch which removes the
umask(0) call.  Otherwise I (and presumably many other users of radlib)
will need to update all calls to radUtilsBecomeDaemon to save/restore
the umask.

Thanks for considering,
Kevin

1.  https://sourceforge.net/p/radlib/bugs/2/


-- System Information:
Debian Release: buster/sid
  APT prefers testing
  APT policy: (990, 'testing'), (500, 'unstable'), (101, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.12.0-kevinoid1 (SMP w/4 CPU cores)
Locale: LANG=en_US.utf8, LC_CTYPE=en_US.utf8 (charmap=UTF-8), LANGUAGE=en_US.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages librad0 depends on:
ii  libc6         2.24-14
ii  libsqlite3-0  3.19.3-3

librad0 recommends no packages.

Versions of packages librad0 suggests:
pn  librad0-tools  <none>

--- End Message ---
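
The effect described in the report above, as an added example that is not part of the original message or of radlib's code: `daemonize_clearing_umask` is a hypothetical stand-in for the `umask(0)` call the report attributes to `radUtilsBecomeDaemon` (`fork()` is left out), and `daemonize_keeping_umask` is the save/restore workaround the reporter mentions. The `/tmp` path and the 022 starting mask are assumptions.

```c
#include <fcntl.h>
#include <stdio.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* Hypothetical stand-in for the reported behaviour: the file mode
 * creation mask is cleared unconditionally (fork()/setsid() omitted). */
static void daemonize_clearing_umask(void) { umask(0); }

/* Caller-side workaround from the report: save the mask before the
 * daemonize call and restore it afterwards. */
static void daemonize_keeping_umask(void)
{
    mode_t saved = umask(0);   /* umask() can only be read by setting it */
    daemonize_clearing_umask();
    umask(saved);
}

/* Start from an assumed 022 mask, run the daemonize step, then create a
 * file with requested mode 0666 (what fopen(path, "w") asks for) and
 * return the permission bits it actually gets, or -1 on error. */
static int created_mode_after(void (*daemonize)(void))
{
    char path[64];
    struct stat st;
    int fd, result = -1;
    mode_t entry = umask(022);

    snprintf(path, sizeof path, "/tmp/umask-demo-%ld", (long)getpid());
    daemonize();
    fd = open(path, O_WRONLY | O_CREAT | O_EXCL, 0666);
    if (fd >= 0) {
        if (fstat(fd, &st) == 0)
            result = (int)(st.st_mode & 0777);
        close(fd);
        unlink(path);
    }
    umask(entry);              /* leave the process mask as we found it */
    return result;
}

int main(void)
{
    printf("mask cleared:  %04o\n",
           (unsigned)created_mode_after(daemonize_clearing_umask));
    printf("mask restored: %04o\n",
           (unsigned)created_mode_after(daemonize_keeping_umask));
    return 0;
}
```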
--- Begin Message ---
Source: radlib
Source-Version: 2.12.0-5

We believe that the bug you reported is fixed in the latest version of
radlib, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Thorsten Alteholz <[email protected]> (supplier of updated radlib package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Fri, 08 Sep 2017 18:12:00 +0200
Source: radlib
Binary: radlib-dev librad0-tools librad0
Architecture: source amd64
Version: 2.12.0-5
Distribution: sid
Urgency: medium
Maintainer: Debian IoT Maintainers <[email protected]>
Changed-By: Thorsten Alteholz <[email protected]>
Description:
 librad0    - rapid application development library
 librad0-tools - tools for rapid application development library
 radlib-dev - development file for librad0
Closes: 873365
Changes:
 radlib (2.12.0-5) unstable; urgency=medium
 .
   * add patch umask.patch (Closes: #873365)
   * debian/control: bump standard to 4.1.0 (no changes)
   * debian/control: remove redundant dependency of autotools-dev

-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----

--- End Message ---
