[Bug 252686] Re: Reload action on init script kills daemon
I confirm that the version in hardy-proposed fixes the reload issue. ** Tags removed: verification-needed -- Reload action on init script kills daemon https://bugs.launchpad.net/bugs/252686 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to freeradius in ubuntu. -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 315507] Re: Unable to remove Suhosin patch
Jonathan, thanks for taking the time to post an exhaustive reply.

I'm creating a new VM right now to do a complete test as you suggested, but as that's not going to reproduce our real world situation, I'm going to post the details of the actual machine where the thing is happening. Later on I'll post the results from the complete test on the new VM.

The server is a VMware ESXi 4 VM (like the new VM I'm creating).

Ubuntu release:

  # lsb_release -a
  No LSB modules are available.
  Distributor ID: Ubuntu
  Description:    Ubuntu 8.04.2
  Release:        8.04
  Codename:       hardy

Packages version (note: I don't have php5-cli installed):

  # dpkg-query -W apache2 libapache2-mod-php5 libmyodbc php5-common php5-odbc
  apache2 2.2.8-1ubuntu0.10
  libapache2-mod-php5 5.2.4-2ubuntu5.6
  libmyodbc 3.51.15r409-2
  php5-common 5.2.4-2ubuntu5.6
  php5-odbc 5.2.4-2ubuntu5.6

This is the last request from apache2 log (/var/log/apache2/error.log) and syslog:

  [Mon Jul 20 08:42:55 2009] [error] [client ip here] ALERT-SIMULATION - canary mismatch on efree() - heap overflow detected (attacker 'ip here', file '/var/www/services/reports/odbc.php')

Note that even if it shows ALERT-SIMULATION I still get the php script offered for download. Of course the same thing applies without simulation mode on (except it shows ALERT without the -SIMULATION).

Note also that I've tried to run the script both without and with the suhosin extension (php5-suhosin).

The test script is basically:

  $connection = odbc_connect($dsn, $user, $pass);
  $result = odbc_exec(select * from table);

Then there is the while to loop on the resultset, but the script hangs on the odbc_exec line (tested by deleting one line at the time until I got no error).

The mysql server is on another (physical) machine. I've tested the connection and the same query with isql and everything works fine.

Oh and everything is on https (I can test with http if needed).

If I missed something or you need more info, just ask. Thanks.
--
Unable to remove Suhosin patch
https://bugs.launchpad.net/bugs/315507
[Bug 315507] Re: Unable to remove Suhosin patch
erhm, of course in my test script in the odbc_exec function I've specified the connection parameter, I just missed it here in the comment.
[Bug 315507] Re: Unable to remove Suhosin patch
Darn there should be an edit function for comments here... I forgot to mention an essential thing, the ubuntu release is the AMD64 one.
Re: [Bug 400115] Re: package dovecot-pop3d None [modified: /var/lib/dpkg/info/dovecot-pop3d.list] failed to install/upgrade: dependency problems - leaving unconfigured
Dear Jamie,

Thanx for your reply but i wonder why i'm unable to install it as it should. although i've purged it once and reinstall it. but the error remains. One thing i'd like to share with u is that i'm using Webmin and i've installed Dovecot through the interface available within. and from that to till now still i'm facing the same problem.

Please advise. Your support will be highly appreciated.

Regards,
Salman Masood.

Jamie Strandboge wrote:
> Thanks for taking the time to report this bug and helping to make Ubuntu better. We appreciate the difficulties you are facing, but this appears to be a regular (non-security) bug. I have unmarked it as a security issue since this bug does not show evidence of allowing attackers to cross privilege boundaries nor directly cause loss of data/privacy. Please feel free to report any other bugs you may find.
>
> ** Visibility changed to: Public
>
> ** This bug is no longer flagged as a security vulnerability

--
package dovecot-pop3d None [modified: /var/lib/dpkg/info/dovecot-pop3d.list] failed to install/upgrade: dependency problems - leaving unconfigured
https://bugs.launchpad.net/bugs/400115
[Bug 400349] Re: dhclient-script fails with apparmor
** Also affects: dhcp3 (Ubuntu Jaunty)
   Importance: Undecided
       Status: New

** Also affects: linux (Ubuntu Jaunty)
   Importance: Undecided
       Status: New

--
dhclient-script fails with apparmor
https://bugs.launchpad.net/bugs/400349
[Bug 400349] Re: dhclient-script fails with apparmor
This turns out to be a regression in Jaunty, that is now fixed and behaving properly in Karmic

** Changed in: linux (Ubuntu Karmic)
       Status: Confirmed => Invalid
[Bug 400349] Re: dhclient-script fails with apparmor
This is a bug in the handling of profile attachment for scripts. The check to test if an attachment has already been applied needs to be reworked for 2.6.28.

This regression is mitigated, in that correct attachment is retained if ix is used for the script interpreter which is standard profiling practice.

** Changed in: linux (Ubuntu Jaunty)
       Status: New => Confirmed

** Changed in: linux (Ubuntu Jaunty)
     Assignee: (unassigned) => John Johansen (jjohansen)
Re: [Bug 383697] Re: lsb_release crashed with ImportError in module()
Hi Julian. Can you tell me, how I'm gonna do this upgrade from Jaunty to Karmic. Thanks.

From: Julian Lam julian@gmail.com
To: paspalj...@yahoo.com
Sent: Sunday, July 19, 2009 7:06:38 PM
Subject: [Bug 383697] Re: lsb_release crashed with ImportError in module()

Hi all,

Just upgraded to Karmic:

  'util-linux:
    Installed: 2.16-1ubuntu1
    Candidate: 2.16-1ubuntu1
    Version table:
   *** 2.16-1ubuntu1 0
          500 http://ubuntu.mirror.rafal.ca karmic/main Packages
          100 /var/lib/dpkg/status

Looks like the problem still occurs, despite upstream comments indicating otherwise...!

--
lsb_release crashed with ImportError in module()
https://bugs.launchpad.net/bugs/383697

Status in “lsb” package in Ubuntu: Triaged
Status in “util-linux” package in Ubuntu: Fix Released

Bug description:
lsb_release is sometimes invoked during upgrades, when the lsb-release package is unconfigured. Under these circumstances, lsb_release crashes, generating a crash report. In particular, it is used by the mount package, which is Essential and does not declare a dependency on lsb-release (which is not Essential).
[Bug 315507] Re: Unable to remove Suhosin patch
Ok I was able to reproduce the problem on a new VM

Steps:

1) Create fresh vm: done, installed Ubuntu 8.04.2 amd64 as denoted by

   # lsb_release -a
   No LSB modules are available.
   Distributor ID: Ubuntu
   Description:    Ubuntu 8.04.3 LTS
   Release:        8.04
   Codename:       hardy

   (it shows .3 because I issued the command after the update I think)

2) Update system and reboot: done

3) Install LAMP Server packages: done. I didn't install mysql, only apache2 and php5 (I have the db on another machine)

4) We need ODBC: done. Installed php5-odbc libmyodbc unixodbc, copied the sample configurations and adapted odbc.ini to connect to my db server. Plus I tested the connection with isql and worked.

5) Create a PHP test page: done. I've attached the info.html file (with ip and domain hidden for privacy reasons)

6) I already have a database ready (MySQL 5.0.24)

7) Create PHP page to test odbc: done. It's the exact copy of your example script, with the connection data and the table changed of course

8) Try the script.. and here the browser serves me the file as a download. In /var/log/apache2/error.log there is the canary error. Here's the complete log:

   [Mon Jul 20 11:39:37 2009] [notice] Apache/2.2.8 (Ubuntu) PHP/5.2.4-2ubuntu5.6 with Suhosin-Patch configured -- resuming normal operations
   [Mon Jul 20 11:47:47 2009] [error] [client client ip] ALERT - canary mismatch on efree() - heap overflow detected (attacker 'client ip', file '/var/www/odbctest.php', line 11), referer: http://server ip/
   [Mon Jul 20 11:47:47 2009] [error] [client client ip] ALERT - canary mismatch on efree() - heap overflow detected (attacker 'client ip', file '/var/www/odbctest.php', line 11), referer: http://server ip/

9) and 10) no sense doing these. The issue is not intermittent, it happens every time.

11) Document exact versions of packages:

   # dpkg-query -W apache2 libapache2-mod-php5 libmyodbc php5-common php5-odbc
   apache2 2.2.8-1ubuntu0.10
   libapache2-mod-php5 5.2.4-2ubuntu5.6
   libmyodbc 3.51.15r409-2
   php5-common 5.2.4-2ubuntu5.6
   php5-odbc 5.2.4-2ubuntu5.6

** Attachment added: info.html
   http://launchpadlibrarian.net/29274780/info.html
[Bug 315507] Re: Unable to remove Suhosin patch
Just for the record: It's not the suhosin patch which needs to be removed, it's the php or php extension which needs fixing, since a corrupted canary means that there is a stack/buffer overflow somewhere.

See: http://en.wikipedia.org/wiki/Stackguard#Canaries
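
The check behind the "canary mismatch on efree()" log lines quoted in this thread, and the difference between ALERT and ALERT-SIMULATION, can be sketched as below. This is an added example, not code from the thread or from Suhosin; guarded_alloc, guarded_free, demo_overflow and the canary constant are hypothetical names and values.

```c
/* Added example: heap canary check on free(), with enforce and simulation modes.
 * Names and the canary value are constructed; this is not Suhosin's implementation. */
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

enum guard_result { GUARD_OK, GUARD_LOGGED, GUARD_BLOCKED };
struct guard_header {
    size_t   size;    /* bytes the caller asked for */
    uint64_t canary;  /* guards against writes running backwards */
};

static const uint64_t guard_secret = 0xC0FFEE1234ABCDEFULL; /* real ones are random per process */
static int guard_simulation = 0;  /* 1 = log the mismatch but carry on */

void *guarded_alloc(size_t size)
{
    struct guard_header *h = malloc(sizeof *h + size + sizeof guard_secret);
    if (h == NULL) return NULL;
    h->size = size;
    h->canary = guard_secret;
    unsigned char *user = (unsigned char *)(h + 1);
    memcpy(user + size, &guard_secret, sizeof guard_secret);  /* trailing canary */
    return user;
}

enum guard_result guarded_free(void *ptr)
{
    if (ptr == NULL) return GUARD_OK;
    struct guard_header *h = (struct guard_header *)ptr - 1;
    int intact = (h->canary == guard_secret);
    if (intact) {  /* size is only trusted once the leading canary checks out */
        uint64_t tail;
        memcpy(&tail, (unsigned char *)ptr + h->size, sizeof tail);
        intact = (tail == guard_secret);
    }
    if (intact) { free(h); return GUARD_OK; }
    fprintf(stderr, "ALERT%s - canary mismatch on free - heap overflow detected\n",
            guard_simulation ? "-SIMULATION" : "");
    if (guard_simulation) {
        free(h);  /* safe here only because the damage stayed inside our block */
        return GUARD_LOGGED;
    }
    return GUARD_BLOCKED;  /* block deliberately leaked; real hardening stops the request */
}

/* Fill an 8-byte buffer with write_len bytes, then free it under the given mode. */
enum guard_result demo_overflow(int simulation, size_t write_len)
{
    guard_simulation = simulation;
    char *buf = guarded_alloc(8);
    if (buf == NULL) return GUARD_BLOCKED;
    memset(buf, 'A', write_len);  /* write_len > 8 spills into the trailing canary */
    return guarded_free(buf);
}

int main(void)
{
    printf("fits: %d, overflow enforced: %d, overflow simulated: %d\n",
           demo_overflow(0, 8), demo_overflow(0, 9), demo_overflow(1, 9));
    return 0;
}
```

In simulation mode the mismatch is only logged; the bytes past the buffer have still been overwritten, so what the process does afterwards is not guaranteed.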
[Bug 315507] Re: Unable to remove Suhosin patch
To be honest it wouldn't be a problem for me if the simulation mode actually worked. I don't really mind if the odbc functions are badly coded (or whatever). What I do mind is suhosin breaking my scripts without a way to prevent it which doesn't include recompiling php without the patch. But of course if I can help in debugging the real problem and fix the root of the problem (which of course would be better), hey I'm here :)
[Bug 315507] Re: Unable to remove Suhosin patch
I've reproduced the problem on a 9.04 amd64 fully updated, same configuration as above.
[Bug 401107] Re: Software runs as root
Thanks for opening this bug report. Most of the daemons you've listed run as superuser as that is the only way to have the necessary privileges for them to operate correctly.

In some cases, the daemons are protected by AppArmor profiles. This is the case with cups and dhcp3.

If you have discovered a way of running some of the daemons you've listed above as a non-root user, without losing functionality, please open a separate bug report for each of them that includes instructions/patches.

Thank you.

** Changed in: acpid (Ubuntu)
       Status: New => Invalid

** Changed in: bluez (Ubuntu)
       Status: New => Invalid

** Changed in: cron (Ubuntu)
       Status: New => Invalid

** Changed in: devicekit-power (Ubuntu)
       Status: New => Invalid

** Changed in: gdm (Ubuntu)
       Status: New => Invalid

** Changed in: ntfs-3g (Ubuntu)
       Status: New => Invalid

** Changed in: devicekit (Ubuntu)
       Status: New => Invalid

** Changed in: dhcp3 (Ubuntu)
       Status: New => Invalid

** Changed in: xorg (Ubuntu)
       Status: New => Invalid

** Changed in: xorg-server (Ubuntu)
       Status: New => Invalid

** Changed in: cups (Ubuntu)
       Status: New => Invalid

** Changed in: network-manager (Ubuntu)
       Status: New => Invalid

** Changed in: devicekit-disks (Ubuntu)
       Status: New => Invalid

** Changed in: samba (Ubuntu)
       Status: New => Invalid

** Changed in: wpasupplicant (Ubuntu)
       Status: New => Invalid

--
Software runs as root
https://bugs.launchpad.net/bugs/401107
[Bug 315507] Re: Unable to remove Suhosin patch
Ondrej, sure as soon as I'm done with this vm I'm building I'll try with i386.

It's not that I don't care, but as we're migrating tons of stuff around and this migration has to be finished soon, I really need the odbc thing working asap, so that's why I don't mind the buffer overflow for now, if I can get the thing to work with a workaround. But as I said I'll gladly try my best to solve the root problem because I understand that's not something to be underestimated.

Thanks for your help.
[Bug 401107] Re: Software runs as root
If that is the only way, then the software is bad, and needs to be fixed or replaced. I do not want an insecure system and potentially exploitable system because of a setup with badly isolated processes and crappy software that requires superuser privileges.

X.org can be fixed so it won't need to run as root, using kernel mode setting (KMS). OpenBSD is interested in this.
http://www.phoronix.com/scan.php?page=news_item&px=NzM2MA

I don't understand why a network daemon (winbindd from samba) needs root. That is absolutely stupid, and just begging to get hacked. It can't be much different from a HTTP or FTP server, and running that as root would be stupid.

In dhcp3 there was recently discovered several security vulnerabilities. How convenient that it runs as root.
http://www.debian.org/security/2009/dsa-1833

** Description changed:

- Binary package hint: cups
-
  Software runs as root. This is bad, it should not run as a superuser, it is dangerous in terms of system security. This is unsafe. It should safely run as a non-privileged user. Following the principle of least privilege. http://en.wikipedia.org/wiki/Principle_of_least_privilege

** Changed in: xorg-server (Ubuntu)
       Status: Invalid => Confirmed
[Bug 401767] [NEW] package mysql-server-5.0 5.1.30really5.0.75-0ubuntu10.2 failed to install/upgrade: le sous-processus post-installation script a retourné une erreur de sortie d'état 1
Public bug reported:

The following error occurred during a package update:

  package mysql-server-5.0 5.1.30really5.0.75-0ubuntu10.2 failed to install/upgrade: le sous-processus post-installation script a retourné une erreur de sortie d'état 1

This error first occurred when I upgraded from Ubuntu 8.10 to 9.04. I get this error on every Ubuntu update! I can no longer connect to the MySQL database, which no longer starts! I tried in vain to reinstall MySQL.

Could you please help me? Thank you!

ProblemType: Package
Architecture: i386
DistroRelease: Ubuntu 9.04
ErrorMessage: le sous-processus post-installation script a retourné une erreur de sortie d'état 1
NonfreeKernelModules: fglrx
Package: mysql-server-5.0 5.1.30really5.0.75-0ubuntu10.2
SourcePackage: mysql-dfsg-5.0
Title: package mysql-server-5.0 5.1.30really5.0.75-0ubuntu10.2 failed to install/upgrade: le sous-processus post-installation script a retourné une erreur de sortie d'état 1
Uname: Linux 2.6.28-11-generic i686

** Affects: mysql-dfsg-5.0 (Ubuntu)
   Importance: Undecided
       Status: New

** Tags: apport-package i386

--
package mysql-server-5.0 5.1.30really5.0.75-0ubuntu10.2 failed to install/upgrade: le sous-processus post-installation script a retourné une erreur de sortie d'état 1
https://bugs.launchpad.net/bugs/401767
[Bug 401767] Re: package mysql-server-5.0 5.1.30really5.0.75-0ubuntu10.2 failed to install/upgrade: le sous-processus post-installation script a retourné une erreur de sortie d'état 1
** Attachment added: Dependencies.txt
   http://launchpadlibrarian.net/29285327/Dependencies.txt

** Attachment added: DpkgTerminalLog.gz
   http://launchpadlibrarian.net/29285328/DpkgTerminalLog.gz
[Bug 401107] Re: Software runs as root
Feel free to open bugs with upstream software if you think they need fixing. If they need to be replaced, feel free to open bugs here and suggest adequate replacements.

Of course we want to reduce the quantity of software running as root. As such, as soon as it is feasible to run X.org without the setuid bit set, we will.

Our dhcp3 packages provide an AppArmor policy which greatly reduces the risks of running it as root.

** Changed in: xorg-server (Ubuntu)
   Importance: Undecided => Wishlist