Your message dated Sun, 29 May 2011 10:47:10 +0000
with message-id <[email protected]>
and subject line Bug#609762: fixed in amavisd-milter 1.5.0-3
has caused the Debian Bug report #609762,
regarding amavisd-milter: Init script changes owner of current directory to
'amavis'
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
609762: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=609762
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: amavisd-milter
Version: 1.5.0-2
Severity: grave
Tags: security
Justification: user security hole
After "sudo bash" I issued "/etc/init.d/amavisd-milter restart".
What a surprise! My home directory got owned by user amavis.
Running init script under bash -vx reveals the problem:
[ $MILTERSOCKET ] && ([ -d $(dirname $MILTERSOCKET) ] || mkdir $(dirname
$MILTERSOCKET) && chown $USER $(dirname $MILTERSOCKET))
+ '[' inet6:60001 ']'
dirname $MILTERSOCKET
++ dirname inet6:60001
+ '[' -d . ']'
dirname $MILTERSOCKET
++ dirname inet6:60001
+ chown amavis .
Yes, of course: the root directory is also owned by amavis(!!!) due
to the first boot process since installing amavisd-milter package. :-(
And some other random directories too that were cwd when starting
daemon by hand.
Gabor
-- System Information:
Debian Release: 5.0.7
APT prefers stable
APT policy: (700, 'stable'), (500, 'proposed-updates')
Architecture: i386 (i686)
Kernel: Linux 2.6.26-2-686 (SMP w/4 CPU cores)
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)
Shell: /bin/sh linked to /bin/bash
Versions of packages amavisd-milter depends on:
ii amavisd-new 1:2.6.4-1~bpo50+1 Interface between MTA and virus sc
ii libc6 2.7-18lenny7 GNU C Library: Shared libraries
ii libmilter1.0.1 8.14.3-5+lenny1 Sendmail Mail Filter API (Milter)
Versions of packages amavisd-milter recommends:
ii postfix 2.5.5-1.1 High-performance mail transport ag
amavisd-milter suggests no packages.
-- no debconf information
--- End Message ---
--- Begin Message ---
Source: amavisd-milter
Source-Version: 1.5.0-3
We believe that the bug you reported is fixed in the latest version of
amavisd-milter, which is due to be installed in the Debian FTP archive:
amavisd-milter-dbg_1.5.0-3_i386.deb
to main/a/amavisd-milter/amavisd-milter-dbg_1.5.0-3_i386.deb
amavisd-milter_1.5.0-3.debian.tar.gz
to main/a/amavisd-milter/amavisd-milter_1.5.0-3.debian.tar.gz
amavisd-milter_1.5.0-3.dsc
to main/a/amavisd-milter/amavisd-milter_1.5.0-3.dsc
amavisd-milter_1.5.0-3_i386.deb
to main/a/amavisd-milter/amavisd-milter_1.5.0-3_i386.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
[email protected] (supplier of updated amavisd-milter package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.8
Date: Mon, 28 Mar 2011 22:38:07 +0200
Source: amavisd-milter
Binary: amavisd-milter amavisd-milter-dbg
Architecture: source i386
Version: 1.5.0-3
Distribution: unstable
Urgency: low
Maintainer: Harald Jenny <[email protected]>
Changed-By: [email protected]
Description:
amavisd-milter - amavisd-new interface for milter-capable MTAs
amavisd-milter-dbg - amavisd-new interface for milter-capable MTAs - debugging
symbols
Closes: 609762
Changes:
amavisd-milter (1.5.0-3) unstable; urgency=low
.
* debian/changelog:
- Added thanks to initiator of two changes (forgot last time).
- Reformatted changelog for better legibility.
* debian/control:
- Bumped Standards to 3.9.1 (no changes needed).
- Added build dependency on hardening-includes.
- Really make package 3.9.0 Standards compliant by changing Conflicts to
Breaks (overlooked this fact last time).
- Added Provides and Replaces for amavisd-new-milter to simplify upgrading
from lenny to squeeze-backports.
- Build-Depend on debhelper changed to >= 8.0.0.
- Made build depedency on autotools-dev versioned to >= 20100122.1 (needed
for debhelper helpers).
- Made depedency on libmilter versioned to >= 8.14.3-9.5 (needed for
pulling in a version fixing bug #527862).
* debian/rules:
- Added rules to include hardening flags in compilation.
- Changed dh_installinit invocation to restart amavisd-milter after upgrade
for minimizing daemon downtime.
- Removed dh_installchangelogs override as upstream changelog gets picked
up automatically.
- Changed to use autotools_dev option with dh.
- Cleaned up and minimized ruleset.
* debian/patches/*-location:
- Corrected the mail address in the patches and modified the timestamp
accordingly.
* debian/patches/ax_path_milter-flags-fix:
- Grabbed patch from upstream CVS to fix problem with LDFLAGS (requiring
recreation of configure script).
* debian/patches/configure-flags-fix:
- Created patch to modify configure directly instead of recreating it (to
minimize changeset).
* debian/compat:
- Bumped Version to 8.
* debian/amavisd-milter.init:
- Rewrote some parts of the init script to make the code more error
resistant (thanks to Gabor Kiss for the initial bug report and Teodor
Micu and Agustin Martin for the valuable help).
Closes: #609762: amavisd-milter: Init script changes owner of current
directory to 'amavis'
* debian/amavisd-milter.default:
- Modified configfile to comply with changed code in init script.
* debian/copyright:
- Modified to comply with current DEP-5 candidate (thanks to Dominique
Dumont for the libconfig-model-perl parser).
- Changed license for debian packaging to match the one used by upstream
simplifying patch exchange (thanks to Paul Wise and Charles Plessy for
the the valuable help).
Checksums-Sha1:
fd8aa6acfb4e72cc120e5f751fe32890424eddb4 1296 amavisd-milter_1.5.0-3.dsc
eeaaddb853f2d841d21855f338339d5ee0ffee60 8614
amavisd-milter_1.5.0-3.debian.tar.gz
30114dfe39d7ea23e246676f7ab03fcee0761406 35158 amavisd-milter_1.5.0-3_i386.deb
797804f98ba2a20a44d0b27a21cf30ab78630f49 20862
amavisd-milter-dbg_1.5.0-3_i386.deb
Checksums-Sha256:
6ecb3e8eb631441ed4a5baaa5001f0d2f93b9d6b1e50ca2f5571a748a633795c 1296
amavisd-milter_1.5.0-3.dsc
1da127db39613977c1447c632f47dcbb2a8a3ecf77eabef16c5cb28a856d1e3a 8614
amavisd-milter_1.5.0-3.debian.tar.gz
046c7c86b3a7e5e758fd6a2983a3d3c90beda20f5497825391503536887eac4f 35158
amavisd-milter_1.5.0-3_i386.deb
efe974ef7ac74ddb66e0fc04a7f2b95b11c8faeac06ae86caac637fadeae755f 20862
amavisd-milter-dbg_1.5.0-3_i386.deb
Files:
7c3e010170b27e6b6a3f30dc2f3efa87 1296 mail extra amavisd-milter_1.5.0-3.dsc
d849895c124c07643c408a12cb9784d3 8614 mail extra
amavisd-milter_1.5.0-3.debian.tar.gz
773cd550e7d9ccfa0b47dafaff9dce26 35158 mail extra
amavisd-milter_1.5.0-3_i386.deb
27e4b6c2b0ae17d31fb7487af24b854d 20862 debug extra
amavisd-milter-dbg_1.5.0-3_i386.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
iEYEARECAAYFAk3g8pgACgkQDcs5RBTUBgs4EwCeO4M4ND4MaW08RIv4KomggVaY
Mm0AoJMqQfMywZgJIw0jQoZUzcH3+fIk
=RaZe
-----END PGP SIGNATURE-----
--- End Message ---
