Bug#826542: gnome-orca: DM wrapper not removed when deinstalling package

2016-06-06 Thread Thomas B. Preußer
Package: gnome-orca
Version: 3.20.2-1
Severity: normal

Dear Maintainer,

after deinstalling the package gnome-orca, lightdm failed to bring up an
X session - unfortunately without any clear hint to the underlying problem.
Having finally made the connection to the deinstallation of gnome-orca, it
proved that this package failed to remove this configuration file:

 /etc/xdg/lightdm/lightdm.conf.d/80_orca-dm-wrapper.conf

Its manual removal rendered the lightdm session functional again.

Please, consider sanitizing the deinstallation of this package.


Thanks,

Thomas


*** Reporter, please consider answering these questions, where appropriate ***

   * What led up to the situation?
   * What exactly did you do (or not do) that was effective (or
 ineffective)?
   * What was the outcome of this action?
   * What outcome did you expect instead?

*** End of the template - remove these template lines ***


-- System Information:
Debian Release: stretch/sid
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.5.5 (SMP w/8 CPU cores)
Locale: LANG=en_US.utf8, LC_CTYPE=en_US.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash
Init: systemd (via /run/systemd/system)



Bug#808595: vsftpd bugs #808595, #808803

2015-12-26 Thread Thomas B. Preußer

Hello Jörg,

thanks a lot!


Tom

Bug#808803: vsftpd: Filename pattern filter as used by deny_file can only match existing files

2015-12-23 Thread Thomas B. Preußer
Source: vsftpd
Severity: normal
Tags: patch

Dear Maintainer,

unlike the shell command realpath(1), the library call realpath(3) is not
specified to canonize not yet existing paths. It will rather return an ENOENT
error code if a filename does not exist.

The library call realpath(3) is used by the original implementation of the
function vsf_filename_passes_filter[ls.c:258]. This function backs the access
checkers implemented in access.c. As a non-existing file cannot be matched in
the original implementation, the deny_file option becomes ineffective for
uploading fresh files. For instance: even though deny_file=*.doc, an
example.doc may initially be uploaded. On the other hand, it may not be updated
once the file actually exists.

The appended patch implements a more intuitive behavior. It provides a custom
wrapper for the realpath(3) library call, which also tries to canonize the
isolated directory part of a non-existing path. If this step is successful, a
canonized path with the original basename is constructed. Otherwise, the match,
indeed, fails.

The provided patch:
 - implements the custom wrapper for realpath(3), and
   -> sysutil.h, sysutil.c
 - uses this wrapper in vsf_filename_passes_filter.
   -> ls.c

Note that the implemented vsf_sysutil_realpath() wrapper function makes it
possible to turn off the directory-based canonization by deasserting the parameter
may_be_fresh. Ultimately, this feature may be used for an optimized handling
of calls from access checkers as vsf_access_check_file_visible(), which
would never create a fresh file anyhow.

---

Description: realpath wrapper to match not yet existing files in deny_file and others
Author: Thomas B. Preußer <thomas.preus...@utexas.edu>
Last-Update: 2015-12-23
---
This patch header follows DEP-3: http://dep.debian.net/deps/dep3/
===
Index:  ls.c
sysutil.h
sysutil.c

--- vsftpd.orig/ls.c
+++ vsftpd/ls.c
@@ -255,7 +255,7 @@
 
   /* normalize filepath */
   path = str_strdup(p_filename_str);
-  normname = realpath(path, NULL);
+  normname = vsf_sysutil_realpath(path, 1);
   if (normname == NULL)
  goto out;
   str_alloc_text(_filename_str, normname);
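Review bot: `vsf_sysutil_realpath(path, 1)` hard-codes may_be_fresh for every caller of vsf_filename_passes_filter(), so checks that can never create a file (the report itself names vsf_access_check_file_visible()) also take the second realpath() round trip and canonicalize names that do not exist; consider passing the flag through vsf_filename_passes_filter() so that only the upload path requests fresh-name resolution, which is the optimization the description already anticipates.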
--- vsftpd.orig/sysutil.c
+++ vsftpd/sysutil.c
@@ -988,6 +988,51 @@
   return rename(p_from, p_to);
 }
 
+char*
+vsf_sysutil_realpath(char const *path, int may_be_fresh)
+{
+  { /* existing paths must resolve right away */
+char *const  resolved = realpath(path, NULL);
+if ((resolved != NULL) || (errno != ENOENT) || !may_be_fresh)
+{
+  return  resolved;
+}
+  }
+
+  { /* try to resolve directory part */
+char const *filename = strrchr(path, '/');
+char const *resolved_dir;
+if(filename == NULL)
+{
+  filename = path;
+  resolved_dir = realpath(".", NULL);
+}
+else
+{
+  char const *original_dir;
+  filename++;
+  original_dir = strndup(path, filename-path);
+  resolved_dir = realpath(original_dir, NULL);
+  free((void*)original_dir);
+}
+if(resolved_dir == NULL)  return  NULL;
+
+/* compose path from resolved directory and filename */
+size_t  dir_len = strlen(resolved_dir);
+char *resolved;
+
+/* empty root as slash is added anyways */
+if (dir_len == 1)  dir_len == 0;
+
+resolved = (char*)malloc(dir_len+strlen(filename)+2);
+strcpy(resolved, resolved_dir);
+free((void*)resolved_dir);
+resolved[dir_len] = '/';
+strcpy(resolved+dir_len+1, filename);
+return  resolved;
+  }
+}
+
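Review bot: `if (dir_len == 1)  dir_len == 0;` compares instead of assigns, so the root special case never takes effect and a fresh file directly under `/` comes back as `//name` rather than the `/name` form an existing file would get; it should read `dir_len = 0;`. In the same block the `malloc()` result is used by `strcpy()` without a NULL check, and declaring `resolved_dir` and `original_dir` as `char const *` only to cast the constness away for `free()` is a style smell; plain `char *` avoids the casts. A comment stating that the returned buffer is heap-allocated and owned by the caller (as with `realpath(path, NULL)`) would also help the callers in ls.c.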
 struct vsf_sysutil_dir*
 vsf_sysutil_opendir(const char* p_dirname)
 {
--- vsftpd.orig/sysutil.h
+++ vsftpd/sysutil.h
@@ -66,6 +66,7 @@
 int vsf_sysutil_rmdir(const char* p_dirname);
 int vsf_sysutil_chdir(const char* p_dirname);
 int vsf_sysutil_rename(const char* p_from, const char* p_to);
+char* vsf_sysutil_realpath(char const *path, int may_be_fresh);
 
 struct vsf_sysutil_dir;
 struct vsf_sysutil_dir* vsf_sysutil_opendir(const char* p_dirname);
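Review bot: the new prototype uses `char const *path` where every neighbouring declaration in this header writes `const char* p_name`; match the file's convention, and add a short header comment (the other access and sysutil entry points have one) describing what may_be_fresh means and that the caller must free the result.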


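As an added example (not vsftpd's code and not the patch itself), the following stand-alone C program implements the "fresh file" realpath wrapper the report describes: realpath(3) is tried first, and only on ENOENT with may_be_fresh set is the directory part canonicalized and the original basename re-appended. The names fresh_realpath() and fresh_realpath_equals() are this example's own, the root-directory case is handled so that a new file under `/` yields `/name` rather than `//name`, and the sample paths in main() are constructed to be non-existent.

```c
/* Added example (not vsftpd code): stand-alone version of the "fresh file"
 * realpath wrapper described in the report. fresh_realpath() and
 * fresh_realpath_equals() are this example's own names. */
#ifndef _XOPEN_SOURCE
#define _XOPEN_SOURCE 700   /* realpath(3) */
#endif
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Canonicalize `path` like realpath(3). If the final component does not exist
 * yet and may_be_fresh is non-zero, canonicalize only the directory part and
 * re-append the original basename, so a name that is about to be created can
 * still be compared against filters such as deny_file.
 * Returns heap memory owned by the caller, or NULL (errno set) on failure. */
char *fresh_realpath(const char *path, int may_be_fresh)
{
    char *resolved = realpath(path, NULL);
    if (resolved != NULL || errno != ENOENT || !may_be_fresh) {
        return resolved;            /* exists, a non-ENOENT error, or strict mode */
    }

    /* Split "dir/base": dir_len includes the trailing slash ("/" for "/x"). */
    const char *slash = strrchr(path, '/');
    size_t dir_len = (slash == NULL) ? 0 : (size_t)(slash - path) + 1;
    const char *base = path + dir_len;
    if (*base == '\0') {            /* only reachable for an empty path */
        errno = ENOENT;
        return NULL;
    }

    /* Resolve the directory part (the current directory for a bare name). */
    char *dir_part = malloc(dir_len + 2);
    if (dir_part == NULL) return NULL;
    if (dir_len == 0) {
        strcpy(dir_part, ".");
    } else {
        memcpy(dir_part, path, dir_len);
        dir_part[dir_len] = '\0';
    }
    char *dir = realpath(dir_part, NULL);
    free(dir_part);
    if (dir == NULL) return NULL;   /* the directory is missing too: no match */

    /* Join "<dir>/<base>"; realpath("/") is "/", so do not produce "//base". */
    size_t rlen = strlen(dir);
    if (rlen == 1 && dir[0] == '/') rlen = 0;
    char *out = malloc(rlen + 1 + strlen(base) + 1);
    if (out != NULL) {
        memcpy(out, dir, rlen);
        out[rlen] = '/';
        strcpy(out + rlen + 1, base);
    }
    free(dir);
    return out;
}

/* Test helper: 1 if fresh_realpath() yields `expected` (NULL meaning failure). */
int fresh_realpath_equals(const char *path, int may_be_fresh, const char *expected)
{
    char *got = fresh_realpath(path, may_be_fresh);
    int ok = (got == NULL) ? (expected == NULL)
                           : (expected != NULL && strcmp(got, expected) == 0);
    free(got);
    return ok;
}

int main(void)
{
    /* Constructed sample paths; none of them is expected to exist. */
    const char *names[] = { "/no-such-file-for-this-example",
                            "/../no-such-file-for-this-example",
                            "/no-such-dir-for-this-example/file" };
    for (size_t i = 0; i < sizeof names / sizeof names[0]; i++) {
        char *strict = fresh_realpath(names[i], 0);
        char *fresh  = fresh_realpath(names[i], 1);
        printf("%-40s strict=%s fresh=%s\n", names[i],
               strict ? strict : "(NULL)", fresh ? fresh : "(NULL)");
        free(strict);
        free(fresh);
    }
    return 0;
}
```

With may_be_fresh set to 0 the wrapper behaves exactly like realpath(3) and every non-existent name fails, which is the original behaviour that made deny_file ineffective for fresh uploads; with it set to 1 a missing basename under an existing directory is canonicalized, while a missing directory still fails, so the filter never sees a path that could not be created.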

Bug#808595: vsftpd: Restrict upload and download of files to certain name patterns

2015-12-21 Thread Thomas B. Preußer
Source: vsftpd
Severity: wishlist
Tags: patch

Dear Maintainer,

vsftpd provides very basic name-based access control via the deny_file option.
Files with names matching a provided pattern cannot be targeted by any
operation other than a directory listing.

The provided patch allows restricting file uploads and downloads using the
same simple pattern specification as deny_file and hide_file, introducing the
new options upload_file and download_file. If these options are specified, a
file is only permitted to be up- or downloaded if its name matches the
corresponding pattern - in addition to not matching deny_file.

The provision of distinct filename patterns for up- and download is useful
in many use cases where the served files (e.g. configurations) are different
from the collected ones (e.g. status reports). Especially in the context of
legacy ftp without SSL-secured access, this avoids the risk of the server being
misused as a data relay for third parties.

The provided patch:
 - introduces the new options upload_file and download_file,
   -> tunables.h, tunables.c, parseconf.c
 - provides corresponding access checkers,
   -> access.h, access.c
 - utilizes these access checkers in the corresponding operations, and
   -> postlogin.c
 - documents the new options in the manual page.
   -> vsftpd.conf.5

The patch has been generated on the git repo:
 - cloned on 2015-12-21 and
 - patched with all patches included under debian/patches/.

Thus, the patch should be applied after all other patches in the root of the
repo using:

  patch -p1 < upload_download_filename_pattern.patch


Description: Restrict upload and download of files to certain name patterns.
Author: Thomas B. Preußer <thomas.preus...@utexas.edu>
Last-Update: 2015-12-21
---
This patch header follows DEP-3: http://dep.debian.net/deps/dep3/
===
Index:  access.c
access.h
parseconf.c
postlogin.c
tunables.c
tunables.h
vsftpd.conf.5

--- vsftpd.orig/access.c
+++ vsftpd/access.c
@@ -12,11 +12,27 @@
 #include "tunables.h"
 #include "str.h"
 
+static int
+vsf_match_filter(struct mystr const *const p_filename_str,
+struct mystr const *const p_access_str) {
+
+  unsigned  iters = 0;
+  if (vsf_filename_passes_filter(p_filename_str, p_access_str, ))
+  {
+return 1;
+  }
+  else
+  {
+struct str_locate_result const loc_res =
+  str_locate_str(p_filename_str, p_access_str);
+return  loc_res.found;
+  }
+}
+
 int
 vsf_access_check_file(const struct mystr* p_filename_str)
 {
   static struct mystr s_access_str;
-  unsigned int iters = 0;
 
   if (!tunable_deny_file)
   {
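Review bot: vsf_match_filter() carries over the substring fallback (`str_locate_str`) that vsf_access_check_file() applied to deny_file, and the new upload/download checkers below reuse the same helper as an allow test. For a deny list a literal substring hit errs toward denying, which is safe; for an allow list it errs toward permitting: with `upload_file=report`, any name that merely contains "report" passes. Consider a strict wildcard-only match for the allow-list checkers. Two smaller points: the third argument in `vsf_filename_passes_filter(p_filename_str, p_access_str, ))` reads as empty in the hunk as posted (presumably the address of `iters`, which is otherwise unused), so please verify the submitted file, and the opening brace on the `struct mystr const *const p_access_str) {` line breaks the Allman brace style used throughout access.c.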
@@ -26,27 +42,21 @@
   {
 str_alloc_text(_access_str, tunable_deny_file);
   }
-  if (vsf_filename_passes_filter(p_filename_str, _access_str, ))
+
+  if (vsf_match_filter(p_filename_str, _access_str))
   {
 return 0;
   }
   else
   {
-struct str_locate_result loc_res =
-  str_locate_str(p_filename_str, _access_str);
-if (loc_res.found)
-{
-  return 0;
-}
+return 1;
   }
-  return 1;
 }
 
 int
 vsf_access_check_file_visible(const struct mystr* p_filename_str)
 {
   static struct mystr s_access_str;
-  unsigned int iters = 0;
 
   if (!tunable_hide_file)
   {
@@ -56,19 +66,47 @@
   {
 str_alloc_text(_access_str, tunable_hide_file);
   }
-  if (vsf_filename_passes_filter(p_filename_str, _access_str, ))
+
+  if (vsf_match_filter(p_filename_str, _access_str))
   {
 return 0;
   }
   else
   {
-struct str_locate_result loc_res =
-  str_locate_str(p_filename_str, _access_str);
-if (loc_res.found)
-{
-  return 0;
-}
+return 1;
+  }
+}
+
+int
+vsf_access_check_file_upload(const struct mystr* p_filename_str)
+{
+  static struct mystr s_access_str;
+
+  if (!tunable_upload_file)
+  {
+return 1;
+  }
+  if (str_isempty(_access_str))
+  {
+str_alloc_text(_access_str, tunable_upload_file);
   }
-  return 1;
+
+  return  vsf_match_filter(p_filename_str, _access_str);
 }
 
+int
+vsf_access_check_file_download(const struct mystr* p_filename_str)
+{
+  static struct mystr s_access_str;
+
+  if (!tunable_download_file)
+  {
+return 1;
+  }
+  if (str_isempty(_access_str))
+  {
+str_alloc_text(_access_str, tunable_download_file);
+  }
+
+  return  vsf_match_filter(p_filename_str, _access_str);
+}
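Review bot: vsf_access_check_file_upload() and vsf_access_check_file_download() return 1 whenever their tunable is unset, so the "must also not match deny_file" rule from the description is only enforced if every call site in postlogin.c (not part of this hunk) invokes vsf_access_check_file() as well; state that contract in the access.h comments, or have the two checkers call vsf_access_check_file() themselves so a future call site cannot forget it. As with the existing checkers, `s_access_str` caches the tunable on first use, so the functions are not safe to call before the configuration is parsed.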
--- vsftpd.orig/access.h
+++ vsftpd/access.h
@@ -25,5 +25,27 @@
  */
 int vsf_access_check_file_visible(const struct mystr* p_filename_str);
 
+/* vsf_access_check_file_upload()
+ * PURPOSE
+ * Check whether the current session has permission to upload a file
+ * using the given filename.
+ * PARAMETERS
+ * p_filename_str  - the filename to check upload permission for
+ * RETURNS
+ * Returns 1 if the file may be uploaded, otherwise 0.
+ */
+int vsf_access_check_file_upload(const struct mystr* p_filename_str);
+
+/* vsf_access_check_file_download()
+ * PURP
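As an added example (not vsftpd's code and not part of the patch), the following C program shows how the deny_file and upload_file checks described in this report compose, and why the substring fallback that is conservative for a deny list becomes permissive when the same matcher backs an allow list. glob_match() is a simplified stand-in (only `*` and `?`) for vsftpd's vsf_filename_passes_filter(); filter_matches() and upload_allowed() are this example's own names, and the filenames and patterns in main() are constructed.

```c
/* Added example (not vsftpd code): composition of deny_file / upload_file
 * style checks. glob_match() is a simplified stand-in for vsftpd's
 * vsf_filename_passes_filter(); the other names are this example's own. */
#include <stdio.h>
#include <string.h>

/* Minimal wildcard matcher: '*' matches any run, '?' exactly one character. */
static int glob_match(const char *pat, const char *s)
{
    for (;;) {
        if (*pat == '\0') return *s == '\0';
        if (*pat == '*') {
            while (*pat == '*') pat++;
            if (*pat == '\0') return 1;
            for (; *s != '\0'; s++) {
                if (glob_match(pat, s)) return 1;
            }
            return 0;
        }
        if (*s == '\0') return 0;
        if (*pat != '?' && *pat != *s) return 0;
        pat++;
        s++;
    }
}

/* Mirrors the patch's vsf_match_filter(): a wildcard hit, or, when
 * substring_fallback is set, the pattern occurring literally anywhere in the
 * name, which is what the str_locate_str() fallback does. */
int filter_matches(const char *name, const char *pattern, int substring_fallback)
{
    if (glob_match(pattern, name)) return 1;
    return substring_fallback && strstr(name, pattern) != NULL;
}

/* Upload decision as the report describes it: the name must not match
 * deny_file and, when upload_file is configured, must match upload_file.
 * A NULL pattern means the option is not set. Returns 1 when allowed. */
int upload_allowed(const char *name, const char *upload_file,
                   const char *deny_file, int substring_fallback)
{
    if (deny_file != NULL && filter_matches(name, deny_file, substring_fallback)) {
        return 0;                   /* the deny list always wins */
    }
    if (upload_file == NULL) {
        return 1;                   /* no allow list configured */
    }
    return filter_matches(name, upload_file, substring_fallback);
}

int main(void)
{
    /* Constructed cases; the last two show the fallback's asymmetric effect. */
    struct { const char *name, *upload, *deny; } cases[] = {
        { "report.txt",        "*.txt",  "*.exe" },
        { "tool.exe",          "*.txt",  "*.exe" },
        { "notes.doc",         "*.txt",  "*.exe" },
        { "weekly-report.php", "report", NULL    },   /* allow list widened */
        { "mydoc.docx",        "*",      ".doc"  },   /* deny list tightened */
    };
    for (size_t i = 0; i < sizeof cases / sizeof cases[0]; i++) {
        printf("%-18s upload_file=%-7s deny_file=%-6s fallback:%d strict:%d\n",
               cases[i].name,
               cases[i].upload ? cases[i].upload : "-",
               cases[i].deny ? cases[i].deny : "-",
               upload_allowed(cases[i].name, cases[i].upload, cases[i].deny, 1),
               upload_allowed(cases[i].name, cases[i].upload, cases[i].deny, 0));
    }
    return 0;
}
```

The two modes agree on every wildcard pattern; they diverge only on literal patterns, where the fallback makes `deny_file=.doc` reject `mydoc.docx` (a safe widening of the deny list) but also makes `upload_file=report` accept `weekly-report.php` (an unsafe widening of the allow list). An allow-list option is therefore better served by the strict match, or by documenting that its pattern should always contain a wildcard.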