Hi,
Thanks for the comments to dbginfo.sh.
We added the following patch to restrict access of collected data and to
remind customer reviewing the result.
diff --git a/scripts/dbginfo.sh b/scripts/dbginfo.sh
index d0e2289..b3938a7 100755
--- a/scripts/dbginfo.sh
+++ b/scripts/dbginfo.sh
@@ -857,7 +857,7 @@ environment_setup()
echo "${DATETIME}" > "${LOCKFILE}"
fi
- if ! mkdir "${WORKPATH}" 2>/dev/null; then
+ if ! mkdir -m 0600 "${WORKPATH}" 2>/dev/null; then
echo "${SCRIPTNAME}: Error: Target directory
\"${WORKPATH}\" already exists or"
echo " \"${WORKDIR_BASE}\" does not exist!"
exit 1
@@ -879,12 +879,15 @@ create_package()
pr_stdout " Please check the directory
\"${WORKDIR_BASE}\""
pr_stdout " to provide enough free available
space."
else
+ chmod 0600 "${WORKARCHIVE}"
pr_stdout " "
pr_stdout "Collected data was saved to:"
pr_stdout " >> ${WORKARCHIVE} <<"
fi
pr_stdout " "
+ pr_stdout "Review the collected data before sending to your service
organization. "
+ pr_stdout " "
}
> ----- Forwarded message from Philipp Kern <[email protected]> -----
>
> Date: Sun, 13 Dec 2015 15:50:01 +0100
> From: Philipp Kern <[email protected]>
> To: dann frazier <[email protected]>, [email protected]
> Cc: Hendrik Brueckner <[email protected]>
> Subject: Re: Bug#807442: patch
> Message-ID: <[email protected]>
> X-Spam-Status: No, score=0 tagged_above=-9999 required=6.2 tests=
> [none] autolearn=disabled
>
> On Tue, Dec 08, 2015 at 03:17:49PM -0700, dann frazier wrote:
> > diff -Nru s390-tools-1.32.0/debian/changelog s390-tools-1.32.0/
> debian/changelog
> > --- s390-tools-1.32.0/debian/changelog 2015-10-25 17:12:02.000000000
+0100
> > +++ s390-tools-1.32.0/debian/changelog 2015-12-08 23:14:52.000000000
+0100
> > @@ -1,3 +1,9 @@
> > +s390-tools (1.32.0-2) UNRELEASED; urgency=medium
> > +
> > + * Add dbginfo.sh. (Closes: #807442)
> > +
> > + -- dann frazier <[email protected]> Tue, 08 Dec 2015 22:33:52 +0100
> > +
> > s390-tools (1.32.0-1) unstable; urgency=medium
> >
> > * New upstream release
> > diff -Nru s390-tools-1.32.0/debian/s390-tools.install s390-
> tools-1.32.0/debian/s390-tools.install
> > --- s390-tools-1.32.0/debian/s390-tools.install 2014-07-26 23:
> 59:18.000000000 +0200
> > +++ s390-tools-1.32.0/debian/s390-tools.install 2015-12-08 23:
> 08:30.000000000 +0100
> > @@ -10,6 +10,10 @@
> > /sbin/dasdview
> > /usr/share/man/man8/dasdview.8
> >
> > +# dbginfo.sh
> > +/sbin/dbginfo.sh
> > +/usr/share/man/man1/dbginfo.sh.1
> > +
> > # fdasd
> > /sbin/fdasd
> > /usr/share/man/man8/fdasd.8
>
> Three comments:
>
> * dbginfo.sh should tell the user that the information in the tarball
> is sensitive.
> * The resulting tarball should be 0600 by default. (The script needs
> to run as root anyway, but placing the result world-readable in
> /tmp does not seem smart.)
> * Unless this is expected to be in /sbin, given that it's user
> invoked and not usually scripted, should this be in /usr/sbin
> instead?
>
> Kind regards and thanks
> Philipp Kern
>
>
