Your message dated Tue, 21 Feb 2006 07:17:11 -0800
with message-id <[EMAIL PROTECTED]>
and subject line Bug#291613: fixed in xshisen 1.51-1-2
has caused the attached Bug report to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere. Please contact me immediately.)
Debian bug tracking system administrator
(administrator, Debian Bugs database)
--- Begin Message ---
Subject: ~/.xshisenrc owned by group games, follows symlinks
Package: xshisen
Version: 1.51-1-1.1
Severity: important
Tags: security
Hello,
xshisen writes a ~/.xshisenrc file with configuration information. The program
is setgid games, so the .xshisenrc file ends up being owned by group games, and
the program follows symlinks when writing it. This adds up to a local user
being able to overwrite files owned by group games and create new files where
the games group is allowed to do so.
To test this, you simply create a symlink, start xshisen, change some
configuration settings, start playing and then exit the program. An example
can be found in this session capture:
[EMAIL PROTECTED]:~$ cat /var/games/rockdodger.scores
109782 Ulf
29846 Ulf
13000 Pad
12500 Pad
6500 Pad
5000 Pad
3000 Pad
2500 Pad
[EMAIL PROTECTED]:~$ ln -s /var/games/rockdodger.scores .xshisenrc
[EMAIL PROTECTED]:~$ ls -al .xshisenrc
lrwxrwxrwx 1 metaur metaur 28 2005-01-21 20:36 .xshisenrc ->
/var/games/rockdodger.scores
[EMAIL PROTECTED]:~$ xshisen
[EMAIL PROTECTED]:~$ cat /var/games/rockdodger.scores
XShisen*gameSize: 0
XShisen*trialMode: false
XShisen*gravityMode: true
XShisen*imageSet: 2
[EMAIL PROTECTED]:~$
I suggest fixing this by either dropping privileges when writing .xshisenrc or
making sure that .xshisenrc isn't a symlink.
// Ulf Harnhammar
-- System Information:
Debian Release: 3.1
APT prefers testing
APT policy: (500, 'testing')
Architecture: i386 (i686)
Kernel: Linux 2.6.8-1-686
Locale: LANG=en_US, LC_CTYPE=en_US (charmap=ISO-8859-1)
Versions of packages xshisen depends on:
ii libc6 2.3.2.ds1-20 GNU C Library: Shared libraries an
ii libgcc1 1:3.4.3-6 GCC support library
ii libice6 4.3.0.dfsg.1-10 Inter-Client Exchange library
ii libsm6 4.3.0.dfsg.1-10 X Window System Session Management
ii libstdc++5 1:3.3.5-5 The GNU Standard C++ Library v3
ii libx11-6 4.3.0.dfsg.1-10 X Window System protocol client li
ii libxaw7 4.3.0.dfsg.1-10 X Athena widget set library
ii libxmu6 4.3.0.dfsg.1-10 X Window System miscellaneous util
ii libxpm4 4.3.0.dfsg.1-10 X pixmap library
ii libxt6 4.3.0.dfsg.1-10 X Toolkit Intrinsics
ii xlibs 4.3.0.dfsg.1-10 X Keyboard Extension (XKB) configu
-- no debconf information
--- End Message ---
--- Begin Message ---
Source: xshisen
Source-Version: 1.51-1-2
We believe that the bug you reported is fixed in the latest version of
xshisen, which is due to be installed in the Debian FTP archive:
xshisen_1.51-1-2.diff.gz
to pool/main/x/xshisen/xshisen_1.51-1-2.diff.gz
xshisen_1.51-1-2.dsc
to pool/main/x/xshisen/xshisen_1.51-1-2.dsc
xshisen_1.51-1-2_i386.deb
to pool/main/x/xshisen/xshisen_1.51-1-2_i386.deb
xshisen_1.51-1.orig.tar.gz
to pool/main/x/xshisen/xshisen_1.51-1.orig.tar.gz
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Zak B. Elep <[EMAIL PROTECTED]> (supplier of updated xshisen package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.7
Date: Tue, 21 Feb 2006 22:35:26 +0800
Source: xshisen
Binary: xshisen
Architecture: source i386
Version: 1.51-1-2
Distribution: unstable
Urgency: high
Maintainer: Zak B. Elep <[EMAIL PROTECTED]>
Changed-By: Zak B. Elep <[EMAIL PROTECTED]>
Description:
xshisen - Shisen-sho puzzle game for X11
Closes: 213957 289784 291279 291613 292065 346854
Changes:
xshisen (1.51-1-2) unstable; urgency=low
.
* New maintainer (as agreed with former maintainer; see
http://lists.debian.org/debian-devel/2006/02/msg00007.html)
* Fix strange source packaging problem (Closes: #291279)
* debian/control:
- Changed build system to CDBS + debhelper.
- Bump Standards-Version.
- Bump debhelper Build-Depends to (>= 5) ; updated compat too.
- Slightly touch description; added homepage too.
* debian/patches:
- Added 10_oldfixes.patch . Must sort the various hunks out soon.
Acknowledging NMUs .
- Added 11_manpage_fixes.patch to properly format C and ja manpages.
- Added 20_autotools_update.patch .
* debian/rules:
- Remove extra Japanese manpages as suggested by Nicolas François.
Remove app-defaults for these extra locales too.
* debian/menu:
- Properly quote menu entry.
.
xshisen (1.51-1-1.3) unstable; urgency=low
.
* Non-maintainer upload to do xlibs-dev transition.
* Update debian/control to not build-depend on xlibs-dev anymore. (Closes:
#346854)
* Fix Makefile.in to reflect GNU make behaviour change regarding line
continuations and whitespace.
.
xshisen (1.51-1-1.2) unstable; urgency=HIGH
.
* NMU (at maintainer's request).
* Add NO_GLOBAL_HIGHSCORE define which crudely disables the support for
a global score file.
* Remove sgid bit. Closes: #291613, #292065
* Comment out code in postinst that set up /var/games/xshisen.scores,
but for now, do not delete that file on upgrade.
* Add README.Debian.
.
xshisen (1.51-1-1.1) unstable; urgency=HIGH
.
* NMU
* Fix buffer overflow in handling of GECOS field (CAN-2005-0117)
using patch from Ulf Harnhammar. Closes: #289784
.
xshisen (1.51-1-1) unstable; urgency=high
.
* Non-maintainer upload with consent from Grzegorz.
* Fix a locally exploitable buffer overflow allowing GID(games).
(Closes: #213957)
Files:
9bb81ea94342beafadfc0554cda517aa 660 games optional xshisen_1.51-1-2.dsc
5f0ef1d7811401876de717fd6771fe47 85350 games optional
xshisen_1.51-1.orig.tar.gz
6f2400fcf46f8feecb2f25e2547e2951 79053 games optional xshisen_1.51-1-2.diff.gz
51737af066b25119295ba5c8317ee375 61262 games optional xshisen_1.51-1-2_i386.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (GNU/Linux)
iD8DBQFD+yumlAuUx1tI/64RAgQpAJ4+6/S5G1rOUtHbGbu6d3/BoGL1ewCfdXuT
oXQMYfMT/5MqMDvqwd6rfHM=
=mJ0A
-----END PGP SIGNATURE-----
--- End Message ---
