Your message dated Fri, 11 Feb 2005 10:18:58 -0600
with message-id <[EMAIL PROTECTED]>
and subject line Bug#294544: unr
has caused the attached Bug report to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere. Please contact me immediately.)
Debian bug tracking system administrator
(administrator, Debian Bugs database)
--------------------------------------
Received: (at submit) by bugs.debian.org; 10 Feb 2005 09:24:47 +0000
From: Alex Mauer <[EMAIL PROTECTED]>
To: Debian Bug Tracking System <[EMAIL PROTECTED]>
Subject: sfs-server: enables any user to manipulate any file exported from the server, ignoring permissions
X-Mailer: reportbug 3.2
Date: Thu, 10 Feb 2005 03:19:26 -0600
Message-Id: <[EMAIL PROTECTED]>
Package: sfs-server
Version: 1:0.8-0+pre20041016.1-1
Severity: grave
Tags: security
Justification: user security hole
I created a file owned by root on the sfs server, permissions rw-r--r--.
Ran sfskey login to my non-root server account, I was able to remove the file.
Tested this for non-root users as well: any user can remove any other user's
file.
-- System Information:
Debian Release: 3.1
APT prefers testing
APT policy: (990, 'testing'), (500, 'unstable'), (1, 'experimental')
Architecture: i386 (i686)
Kernel: Linux 2.4.27-2-686-smp
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)
Versions of packages sfs-server depends on:
ii libc6 2.3.2.ds1-20 GNU C Library: Shared libraries an
ii libdb4.2 4.2.52-17 Berkeley v4.2 Database Libraries [
ii libgcc1 1:3.4.3-6 GCC support library
ii libgmp3 4.1.4-5 Multiprecision arithmetic library
ii libpam0g 0.76-22 Pluggable Authentication Modules l
ii libsfs0 1:0.8-0+pre20041016.1-1 Self-Certifying File System shared
ii libstdc++5 1:3.3.5-5 The GNU Standard C++ Library v3
ii nfs-kernel-serve 1:1.0.7-1 Kernel NFS server support
ii sfs-common 1:0.8-0+pre20041016.1-1 Self-Certifying File System common
-- no debconf information
---------------------------------------
Received: (at 294544-done) by bugs.debian.org; 11 Feb 2005 16:20:24 +0000
Subject: Re: Bug#294544: unr
From: Alex Mauer <[EMAIL PROTECTED]>
To: Clint Adams <[EMAIL PROTECTED]>
Cc: [EMAIL PROTECTED]
In-Reply-To: <[EMAIL PROTECTED]>
References: <[EMAIL PROTECTED]>
Date: Fri, 11 Feb 2005 10:18:58 -0600
Message-Id: <[EMAIL PROTECTED]>
On Thu, 2005-02-10 at 10:26 -0500, Clint Adams wrote:
> I cannot reproduce this in directories which I do not own.
>
I'm an idiot, never mind. That'll teach me to diagnose problems and
report bugs at 3:30.
-- 
Bad - You get pulled over for doing 90 in a school zone and you're drunk
off your ass again at three in the afternoon.
Worse - The cop is drunk too, and he's a mean drunk.
FUCK! - A mean drunk that's actually a swarm of semi-sentient
flesh-eating beetles.
gpg/gpg key id: 51192FF2 @ subkeys.pgp.net