[Pkg-kde-extras] Bug#496452: kvpnc: Not working with openvpn due to default script security

Debian BTS Sun, 24 Aug 2008 13:41:07 -0700

level
Reply-To: Tobias Koch <[EMAIL PROTECTED]>, [EMAIL PROTECTED]
Resent-From: Tobias Koch <[EMAIL PROTECTED]>
Resent-To: [EMAIL PROTECTED]
Resent-CC: [EMAIL PROTECTED], Debian KDE Extras Team 
<pkg-kde-extras@lists.alioth.debian.org>
Resent-Date: Sun, 24 Aug 2008 20:36:01 +0000
Resent-Message-ID: <[EMAIL PROTECTED]>
Resent-Sender: [EMAIL PROTECTED]
X-Debian-PR-Message: report 496452
X-Debian-PR-Package: kvpnc
X-Debian-PR-Keywords: 
X-Debian-PR-Source: kvpnc
Received: via spool by [EMAIL PROTECTED] id=B.121961013831012
          (code B ref -1); Sun, 24 Aug 2008 20:36:01 +0000
Received: (at submit) by bugs.debian.org; 24 Aug 2008 20:35:38 +0000
X-Spam-Checker-Version: SpamAssassin 3.1.4-bugs.debian.org_2005_01_02 
        (2006-07-26) on rietz.debian.org
X-Spam-Level: 
X-Spam-Status: No, score=-8.3 required=4.0 tests=BAYES_00,DNS_FROM_RFC_POST,
        FORGED_RCVD_HELO,FOURLA,HAS_PACKAGE,IMPRONONCABLE_2,RCVD_IN_SORBS_DUL,
        SUBJECT_ENCODED_TWICE,SUBJECT_EXCESS_QP,XMAILER_REPORTBUG,
        X_DEBBUGS_CC autolearn=no version=3.1.4-bugs.debian.org_2005_01_02
Received: from p54a74205.dip.t-dialin.net ([84.167.66.5] 
helo=adriano.tojoko.dyndns.org)
        by rietz.debian.org with esmtp (Exim 4.63)
        (envelope-from <[EMAIL PROTECTED]>)
        id 1KXMJF-00083Z-LL
        for [EMAIL PROTECTED]; Sun, 24 Aug 2008 20:35:37 +0000
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
From: Tobias Koch <[EMAIL PROTECTED]>
To: Debian Bug Tracking System <[EMAIL PROTECTED]>
Message-ID: <[EMAIL PROTECTED]>
X-Mailer: reportbug 3.44
Date: Sun, 24 Aug 2008 22:35:36 +0200
Delivered-To: [EMAIL PROTECTED]


Package: kvpnc
Version: 0.9.0-1
Severity: important


The default script security level of the openvpn package in lenny does 
not allow the execution of user-defined programs or scripts. kvpnc,
which uses hook scripts with openvpn to import for example routing 
information, which is pushed from the server to the client, is not aware 
of this. Bringing up the VPN connection fails with the error message 
shown below. As far as I can tell, there is no way to set the 
script security level in kvpnc or to configure kvpnc to pass additional 
arguments to the vpn server executable.

I'm not sure if this should be rated 'important', as it's less of a bug 
than rather a missing feature, but it sure will hurt many users.

Cheers,
Tobias

Debug: [openvpn] Sun Aug 24 22:00:51 2008 
/home/tobias/.kde/share/apps/kvpnc/openvpn.office.up tun0 1500 1544 
192.168.253.6 192.168.253.5 init
Debug: [openvpn] Sun Aug 24 22:00:51 2008 openvpn_execve: external 
program may not be called due to setting of --script-security level
Debug: [openvpn] Sun Aug 24 22:00:51 2008 script failed: external 
program fork failed
Debug: [openvpn] Sun Aug 24 22:00:51 2008 Exiting
Debug: OpenvpnManagementHandler raw: >FATAL:script failed: external 
program fork failed 
Debug: OpenvpnManagementHandler: eine andere management-Nachricht wurde 
bekommen: >FATAL:script failed: external program fork failed 


-- System Information:
Debian Release: lenny/sid
  APT prefers testing
  APT policy: (990, 'testing')
Architecture: i386 (i686)

Kernel: Linux 2.6.25-2-686-bigmem (SMP w/2 CPU cores)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages kvpnc depends on:
ii  gksu                    2.0.0-5          graphical frontend to su
ii  kdelibs4c2a             4:3.5.9.dfsg.1-6 core libraries and binaries for al
ii  libc6                   2.7-13           GNU C Library: Shared libraries
ii  libgcrypt11             1.4.1-1          LGPL Crypto library - runtime libr
ii  libqt3-mt               3:3.3.8b-5       Qt GUI Library (Threaded runtime v
ii  libstdc++6              4.3.1-2          The GNU Standard C++ Library v3
ii  menu                    2.1.40           generates programs menu for all me
ii  module-init-tools       3.4-1            tools for managing Linux kernel mo
ii  net-tools               1.60-19          The NET-3 networking toolkit
ii  psmisc                  22.6-1           Utilities that use the proc filesy

kvpnc recommends no packages.

Versions of packages kvpnc suggests:
ii  iptables                      1.4.1.1-2  administration tools for packet fi
pn  openct                        <none>     (no description available)
pn  opensc                        <none>     (no description available)
ii  openssl                       0.9.8g-13  Secure Socket Layer (SSL) binary a
pn  openswan                      <none>     (no description available)
ii  openvpn                       2.1~rc9-3  virtual private network daemon
pn  pptp-linux                    <none>     (no description available)
pn  racoon                        <none>     (no description available)
pn  vpnc                          <none>     (no description available)
pn  xl2tpd                        <none>     (no description available)

-- no debconf information



_______________________________________________
pkg-kde-extras mailing list
pkg-kde-extras@lists.alioth.debian.org
http://lists.alioth.debian.org/mailman/listinfo/pkg-kde-extras

[Pkg-kde-extras] Bug#496452: kvpnc: Not working with openvpn due to default script security

Reply via email to