[Bug 646777] Re: security alert: path race exploited in recursion
** Changed in: cfengine3 (Debian) Status: New = Fix Released -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/646777 Title: security alert: path race exploited in recursion To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/cfengine3/+bug/646777/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 646777] Re: security alert: path race exploited in recursion
Status changed to 'Confirmed' because the bug affects multiple users. ** Changed in: cfengine3 (Ubuntu) Status: New = Confirmed -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/646777 Title: security alert: path race exploited in recursion To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/cfengine3/+bug/646777/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 646777] Re: security alert: path race exploited in recursion
As pointed out by Chris Dumont in the matching Debian bug: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=611659#20 the problem here is not the symlink, but the fact that the update.cf from the examples directory is still using the old path, thus causing the symlink to be used, whereas it can just as easily point directly at /etc/cfengine3, so don't mess around with the symlinks, particularly since that breaks FHS, but rather just fix the broken example configuration file. (the Debian bug comment referred to above includes a diff that shows precisely what is needed) -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/646777 Title: security alert: path race exploited in recursion To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/cfengine3/+bug/646777/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 646777] Re: security alert: path race exploited in recursion
** Bug watch added: Debian Bug tracker #611659 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=611659 ** Also affects: cfengine3 (Debian) via http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=611659 Importance: Unknown Status: Unknown -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/646777 Title: security alert: path race exploited in recursion -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 646777] Re: security alert: path race exploited in recursion
** Changed in: cfengine3 (Debian) Status: Unknown = New -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/646777 Title: security alert: path race exploited in recursion -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 646777] Re: security alert: path race exploited in recursion
Yeah, making /var/lib/cfengine3/inputs a real directory and linking /etc/cfengine3 to /var/lib/cfengine3/inputs worked nicely. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/646777 Title: security alert: path race exploited in recursion -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs