[Bug 51085] Re: scponlyc has SUID not set
This package has been removed from Ubuntu. Closing all related bugs. ** Changed in: scponly (Ubuntu) Status: Confirmed = Invalid -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/51085 Title: scponlyc has SUID not set To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/scponly/+bug/51085/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 51085] Re: scponlyc has SUID not set
** Changed in: scponly (Debian) Status: New = Fix Released -- scponlyc has SUID not set https://bugs.launchpad.net/bugs/51085 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 51085] Re: scponlyc has SUID not set
I agree with the previous posters. I have currently 29 suid binaries installed, including stuff like pulseaudio. I was asked for exactly zero of these if I would want them suid during installation. Barring serious security holes in scponlyc, I think shipping it broken will decrease overall user security. Furthermore, I came across this bug by chance. It did not even occur to me that my shiny new Ubuntu might ship packages broken by default, so I tried figuring out my mistake. The time saved for the scponly users by not asking them about scponlyc is more than offset by the time spend by would-be scponlyc users trying to debug their setup. If you totally must ship scponly broken without asking the user (who btw specifically wanted that package. It is not like there are many packages which depend on scponly), please at least change the manpage to reflect that. I did not even find it mentioned in the documentation. Just add a Due to security concerns, scponlyc is broken by default in Debian and Ubuntu. To use it run chmod u+s /usr/sbin/scponlyc. to the manpage. If it was documented behaviour, I doubt anyone here would be enraged by this bug. I should not have to visit the upstream site of a package to learn about problems of said package in my distribution. Then again, it would be probably more useful to complain about this bug to the Debian developers. -- scponlyc has SUID not set https://bugs.launchpad.net/bugs/51085 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 51085] Re: scponlyc has SUID not set
The bug is still there. Scponly is unusable by default in Debian Etch 32-bit
2.6.18-6 (updated today) before suid bit. Hours to fix, minutes to decide as
unusable package. Scponly gives big value to Linux server or workstation box
and there are only very very few acceptable ways to use it without chroot. I
see only root may use it... But what purpose? Total points given to package
implementation: 0, none, nicht, (), [], zero, {}...
This may be also security risk - people like me, half-linuxmen, they may risk
to expose computer to people/world using for fast problem resolution scponly
when scponlyc doesn't work... and forgetting or not thinking about cd /
possibility. Today big amount of hacking has made by scripts/programs, so if
there is login available, they (robot, not they) send a script to test which
folders are with write and execute permissions available. One half-stupid
decision and you may be a terrorist :/
Debian is today better than ever, lets take some steps more! Moving ass is
sometimes simpler than mind but lets try! The mind!
--
scponlyc has SUID not set
https://bugs.launchpad.net/bugs/51085
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 51085] Re: scponlyc has SUID not set
This bug still exists, apparently 2.5 years is not enough time to chmod one file in Ubuntu. This is an epicfail in security, as we lack 5 minutes of work to fix bug that makes an application useless (or at least far more secure - only non-chroot mode). This is a security bug, as (without workaround) users are forced to allow system wide view access to SCP users. ** Tags added: epicfail sftp ssh -- scponlyc has SUID not set https://bugs.launchpad.net/bugs/51085 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 51085] Re: scponlyc has SUID not set
Please set urgency to high and mark as security problem. -- scponlyc has SUID not set https://bugs.launchpad.net/bugs/51085 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 51085] Re: scponlyc has SUID not set
This bug does still exist in Intrepid. -- scponlyc has SUID not set https://bugs.launchpad.net/bugs/51085 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 51085] Re: scponlyc has SUID not set
Same problem in 8.04.1, SUID is solution. -- scponlyc has SUID not set https://bugs.launchpad.net/bugs/51085 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 51085] Re: scponlyc has SUID not set
I also encountered this bug... Best, ask user during installation of scponly about the SUID While at it, asking user to confirm that he wants to RUN on BOOTUP the ssh server, would be also a nice thing to do for security/confirmation -- scponlyc has SUID not set https://bugs.launchpad.net/bugs/51085 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 51085] Re: scponlyc has SUID not set
I think the debconf-question importance should not be raised, and I am also against setting scponlyc suid by default. Imho there should be some information on this in /usr/share/doc/scponly ... This problem is very easy to fix - there is just a decision needed how to handle this. -- scponlyc has SUID not set https://bugs.launchpad.net/bugs/51085 You received this bug notification because you are a member of Ubuntu Bugs, which is the bug contact for Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 51085] Re: scponlyc has SUID not set
** Changed in: scponly (Ubuntu) Importance: Undecided = Low Status: Unconfirmed = Confirmed -- scponlyc has SUID not set https://bugs.launchpad.net/bugs/51085 You received this bug notification because you are a member of Ubuntu Bugs, which is the bug contact for Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 51085] Re: scponlyc has SUID not set
** Changed in: scponly (Debian) Status: Unknown = Unconfirmed -- scponlyc has SUID not set https://launchpad.net/bugs/51085 -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 51085] Re: scponlyc has SUID not set
** Bug watch added: Debian Bug tracker #340449 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=340449 ** Also affects: scponly (Debian) via http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=340449 Importance: Unknown Status: Unknown -- scponlyc has SUID not set https://launchpad.net/bugs/51085 -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 51085] Re: scponlyc has SUID not set
I tested this and noticed the same bug. Why package scponlyc at all without the suid flag? I think it should be installed so that it works, with the SUID set. Tested with Ubuntu 6.06.1 LTS, scponly 4.6-1. -- scponlyc has SUID not set https://launchpad.net/bugs/51085 -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 51085] Re: scponlyc has SUID not set
There is already an debconf question for file permissions that should be set on scponlyc. The problem is that it is not shown on installation (using defaults on (k)ubuntu). A dpkg-reconfigure scponly brings it up and solves the problem. Please consider raising the importance of the corresponding debconf question (so that it is shown upon installation) as half of the package is unuseable without it. -- scponlyc has SUID not set https://launchpad.net/bugs/51085 -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
