Debian Bug report logs - #433996
unsecure usage of /tmp files


Package: xsabre; Maintainer for xsabre is (unknown);

Reported by: Greg Kochanski <gpk@kochanski.org>

Date: Fri, 20 Jul 2007 20:24:02 UTC

Severity: grave

Tags: security

Found in version sabre/0.2.4b-23

Fixed in version sabre/0.2.4b-25

Done: Evgeni Golov <sargentd@die-welt.net>

Bug is archived. No further changes may be made.




Report forwarded to debian-bugs-dist@lists.debian.org, Debian Games Team <pkg-games-devel@lists.alioth.debian.org>:
Bug#433996; Package xsabre.

Acknowledgement sent to Greg Kochanski <gpk@kochanski.org>:
New Bug report received and forwarded. Copy sent to Debian Games Team <pkg-games-devel@lists.alioth.debian.org>.

Message #5 received at submit@bugs.debian.org (full text, mbox):

From: Greg Kochanski <gpk@kochanski.org>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: xsabre: /tmp/sabre.log is left; blocks other users.
Date: Fri, 20 Jul 2007 21:21:10 +0100
Package: xsabre
Version: 0.2.4b-23
Severity: important


When you run XRunSabre, it leaves /tmp/sabre.log.
This file has you as the owner and your default permissions.

Typically, no one else can remove or overwrite it.

The next person who runs XRunSabre then has trouble,
because the actual simulator will not start when that
file exists and is unwritable. You can use the menus,
but when you start a mission, it terminates silently
without explanation. 

-- System Information:
Debian Release: lenny/sid
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: i386 (i686)

Kernel: Linux 2.6.21-2-686 (SMP w/1 CPU core)
Locale: LANG=en_GB, LC_CTYPE=en_GB (charmap=ISO-8859-1)
Shell: /bin/sh linked to /bin/bash

Versions of packages xsabre depends on:
ii  dialog                  1.1-20070604-1   Displays user-friendly dialog boxe
ii  gnome-terminal [x-termi 2.18.1-1         The GNOME 2 terminal emulator appl
ii  konsole [x-terminal-emu 4:3.5.7-1        X terminal emulator for KDE
ii  libc6                   2.6-2            GNU C Library: Shared libraries
ii  libgcc1                 1:4.2-20070712-1 GCC support library
ii  libncurses5             5.6-3            Shared libraries for terminal hand
ii  libsdl1.2debian         1.2.11-8         Simple DirectMedia Layer
ii  libstdc++6              4.2-20070712-1   The GNU Standard C++ Library v3
ii  libsvga1                1:1.4.3-24       console SVGA display libraries
ii  sabre-common            0.2.4b-23        data for the SABRE fighter plane s
ii  xfce4-terminal [x-termi 0.2.6-2          Xfce terminal emulator
ii  xterm [x-terminal-emula 226-1            X terminal emulator

xsabre recommends no packages.

-- no debconf information



Information forwarded to debian-bugs-dist@lists.debian.org, Debian Games Team <pkg-games-devel@lists.alioth.debian.org>:
Bug#433996; Package xsabre. (Wed, 01 Oct 2008 12:06:03 GMT)

Acknowledgement sent to kilian@nihilnovi.de:
Extra info received and forwarded to list. Copy sent to Debian Games Team <pkg-games-devel@lists.alioth.debian.org>. (Wed, 01 Oct 2008 12:06:03 GMT)

Message #10 received at 433996@bugs.debian.org (full text, mbox):

From: kilian@nihilnovi.de
To: 433996@bugs.debian.org
Subject: Insecure .tmp file usage
Date: Wed, 1 Oct 2008 13:59:32 +0200 (CEST)
Hi,

the package xsabre contains an insecure usage of .tmp files. Via symlinks
any user may delete arbitrary data from other users who run xsabre.

I will write a patch this evening.

Greetings,
Kilian.




Changed Bug title to `unsecure usage of /tmp files' from `xsabre: /tmp/sabre.log is left; blocks other users.'. Request was from kilian@nihilnovi.de to control@bugs.debian.org. (Wed, 01 Oct 2008 12:24:05 GMT)

Severity set to `grave' from `important'. Request was from kilian@nihilnovi.de to control@bugs.debian.org. (Wed, 01 Oct 2008 12:24:05 GMT)

Tags added: security. Request was from kilian@nihilnovi.de to control@bugs.debian.org. (Wed, 01 Oct 2008 12:24:06 GMT)

Information forwarded to debian-bugs-dist@lists.debian.org, Debian Games Team <pkg-games-devel@lists.alioth.debian.org>:
Bug#433996; Package xsabre. (Thu, 02 Oct 2008 12:27:02 GMT)

Acknowledgement sent to Nico Golde <nion@debian.org>:
Extra info received and forwarded to list. Copy sent to Debian Games Team <pkg-games-devel@lists.alioth.debian.org>. (Thu, 02 Oct 2008 12:27:02 GMT)

Message #21 received at 433996@bugs.debian.org (full text, mbox):

From: Nico Golde <nion@debian.org>
To: control@bugs.debian.org
Cc: 433996@bugs.debian.org
Subject: severity of 433996 is grave
Date: Thu, 02 Oct 2008 14:24:33 +0200
# Automatically generated email from bts, devscripts version 2.10.35
# security bug
severity 433996 grave





Severity set to `grave' from `grave'. Request was from Nico Golde <nion@debian.org> to control@bugs.debian.org. (Thu, 02 Oct 2008 12:27:05 GMT)

Tags added: pending. Request was from Marco Rodrigues <gothicx@sapo.pt> to control@bugs.debian.org. (Thu, 02 Oct 2008 13:48:04 GMT)

Reply sent to Evgeni Golov <sargentd@die-welt.net>:
You have taken responsibility. (Sun, 05 Oct 2008 09:51:09 GMT)

Notification sent to Greg Kochanski <gpk@kochanski.org>:
Bug acknowledged by developer. (Sun, 05 Oct 2008 09:51:09 GMT)

Message #30 received at 433996-close@bugs.debian.org (full text, mbox):

From: Evgeni Golov <sargentd@die-welt.net>
To: 433996-close@bugs.debian.org
Subject: Bug#433996: fixed in sabre 0.2.4b-25
Date: Sun, 05 Oct 2008 09:17:08 +0000
Source: sabre
Source-Version: 0.2.4b-25

We believe that the bug you reported is fixed in the latest version of
sabre, which is due to be installed in the Debian FTP archive:

sabre-common_0.2.4b-25_all.deb
  to pool/main/s/sabre/sabre-common_0.2.4b-25_all.deb
sabre_0.2.4b-25.diff.gz
  to pool/main/s/sabre/sabre_0.2.4b-25.diff.gz
sabre_0.2.4b-25.dsc
  to pool/main/s/sabre/sabre_0.2.4b-25.dsc
xsabre_0.2.4b-25_amd64.deb
  to pool/main/s/sabre/xsabre_0.2.4b-25_amd64.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 433996@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Evgeni Golov <sargentd@die-welt.net> (supplier of updated sabre package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Sun, 05 Oct 2008 10:33:06 +0200
Source: sabre
Binary: sabre-common sabre xsabre
Architecture: source all amd64
Version: 0.2.4b-25
Distribution: unstable
Urgency: low
Maintainer: Debian Games Team <pkg-games-devel@lists.alioth.debian.org>
Changed-By: Evgeni Golov <sargentd@die-welt.net>
Description: 
 sabre      - fighter plane simulator for svgalib
 sabre-common - data for the SABRE fighter plane simulator
 xsabre     - fighter plane simulator for X11
Closes: 433996 478984
Changes: 
 sabre (0.2.4b-25) unstable; urgency=low
 .
   [ Evgeni Golov ]
   * debian/patches/030_launch_scripts.diff:
     + Update the patch and use mktemp for creating temporary files.
       Closes: #433996.
       Fixes: CVE-2008-4407 (insecure temp file).
   * debian/sabre.postinst:
     + Fix the call to dpkg-statoverride in the postinst.
     + Call "set -e" first.
   * debian/sabre.postrm:
     + Call "set -e" first.
   * debian/control:
     + Add myself to uploaders
 .
   [ Barry deFreese ]
   * Add .desktop file. (Closes: #478984).
     + Call dh_desktop
Checksums-Sha1: 
 fa53ba97ac6da0e821ac311b3b96471bc9bd1614 1385 sabre_0.2.4b-25.dsc
 757099c2630af00b0510bb61ca2bb563596d147e 121400 sabre_0.2.4b-25.diff.gz
 aa8a7a0f72739eb55f7c7da435bf6bf13bc9a26d 1788238 sabre-common_0.2.4b-25_all.deb
 7acc90b6a9a63792187aa6a7bf2bf21189393786 262506 xsabre_0.2.4b-25_amd64.deb
Checksums-Sha256: 
 f1f2db70814c82b7b7d776c0c0ea3422844b9b0f390d35b6b9f2231673c2dcf7 1385 sabre_0.2.4b-25.dsc
 597633c966bb6ea9de410021348abfd668eaf8dcab104f5be820324a26127797 121400 sabre_0.2.4b-25.diff.gz
 4888680ba06c5943e88d616f031ae65b14bb94ea79d1b70e730f99a4abfb8c9e 1788238 sabre-common_0.2.4b-25_all.deb
 82a24973a6814a1a19c4019bcacf3caa4522737713e402166247984a08862c9d 262506 xsabre_0.2.4b-25_amd64.deb
Files: 
 55830a0d89977b9234f141c41a1b532b 1385 games optional sabre_0.2.4b-25.dsc
 017951f163a6070e42e574925aea2079 121400 games optional sabre_0.2.4b-25.diff.gz
 d15652c089cf5d8d8d46b5c5f05bfcd7 1788238 games optional sabre-common_0.2.4b-25_all.deb
 9b9206f76d16331b173971cc489df15c 262506 games optional xsabre_0.2.4b-25_amd64.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iEYEARECAAYFAkjohVkACgkQ5Sc9mGvjxCPG4gCgxQDlQXoebIPPRG5gVX7R9CYF
aLQAnjuEQb99IdL0vP2wrAS/C4aL9sLh
=lhvN
-----END PGP SIGNATURE-----
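The two messages above describe the flaw from both ends: the original report (a fixed, predictable /tmp/sabre.log that the next user cannot write), and Kilian's follow-up (a symlink planted at that name redirects the write to any file the victim owns), with the changelog naming mktemp as the fix. The following shell script is an added example, not the xsabre launch script or the 030_launch_scripts.diff patch itself: it contrasts the predictable-path pattern with a mktemp-created file, exercised in a throwaway directory that stands in for /tmp. The simulator stub, the sandbox and the "victim_savegame" file are constructed for illustration.

```shell
#!/bin/sh
# Added example (not xsabre's own launcher): predictable /tmp log path
# vs. a mktemp-created one. All names below are constructed for the demo.

# Stand-in for the real simulator binary: emits one line of "log output".
fake_simulator() {
    printf 'mission started\n'
}

# VULNERABLE pattern: a fixed name under a shared, world-writable directory.
# Arg 1 plays the role of /tmp. Whatever already sits at $1/sabre.log is
# honoured by the shell's > redirection: a symlink planted there by another
# user sends the simulator's output into the symlink's target.
launch_predictable() {
    log="$1/sabre.log"
    fake_simulator > "$log" 2>&1
}

# FIXED pattern (what the 0.2.4b-25 changelog describes): let mktemp pick
# the name. mktemp creates the file atomically with O_CREAT|O_EXCL and
# mode 0600, so a pre-planted symlink or foreign file at a guessed name is
# never opened. Prints the log path so the caller can read and remove it.
launch_mktemp() {
    log=$(mktemp "$1/sabre.XXXXXX") || return 1
    fake_simulator > "$log" 2>&1
    printf '%s\n' "$log"
}

# Attacker pre-plants a symlink at the predictable name pointing at a file
# the victim owns; the victim then launches. Returns 0 if the victim's file
# was overwritten with simulator output.
demo_symlink_attack() {
    sandbox=$(mktemp -d) || return 2
    victim="$sandbox/victim_savegame"
    printf 'precious data\n' > "$victim"
    ln -s "$victim" "$sandbox/sabre.log"      # attacker's step
    launch_predictable "$sandbox"             # victim's step
    if [ "$(cat "$victim")" = "mission started" ]; then
        rm -rf "$sandbox"; return 0           # clobbered
    fi
    rm -rf "$sandbox"; return 1
}

# Same setup against the mktemp launcher. Returns 0 if the victim's file is
# intact, the log is a regular file (not the planted symlink) and it holds
# the simulator output.
demo_mktemp_safe() {
    sandbox=$(mktemp -d) || return 2
    victim="$sandbox/victim_savegame"
    printf 'precious data\n' > "$victim"
    ln -s "$victim" "$sandbox/sabre.log"      # same planted symlink
    log=$(launch_mktemp "$sandbox") || { rm -rf "$sandbox"; return 2; }
    ok=1
    [ "$(cat "$victim")" = "precious data" ] || ok=0
    [ -f "$log" ] && [ ! -L "$log" ] || ok=0
    [ "$(cat "$log")" = "mission started" ] || ok=0
    rm -rf "$sandbox"
    [ "$ok" -eq 1 ]
}

if demo_symlink_attack; then
    echo "predictable path: victim file overwritten via planted symlink"
fi
if demo_mktemp_safe; then
    echo "mktemp path: victim file intact, log is a fresh private file"
fi
```

Because each run gets its own file, the mktemp version also resolves the original complaint: no user is blocked by a leftover /tmp/sabre.log that someone else owns. Two caveats a reviewer would add: the launcher must still remove the temporary file when it exits (a `trap 'rm -f "$log"' EXIT` in the real script), and the symlink attack in the demo is only stopped on modern Linux (fs.protected_symlinks, available since kernel 3.6 and enabled by default on current distributions) when /tmp is sticky and the symlink owner differs from the follower; code that relies on that instead of mktemp is still wrong on other kernels, other filesystems and non-sticky directories.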





Information forwarded to debian-bugs-dist@lists.debian.org, Debian Games Team <pkg-games-devel@lists.alioth.debian.org>:
Bug#433996; Package xsabre. (Sun, 26 Oct 2008 21:57:05 GMT)

Acknowledgement sent to Mark Purcell <msp@debian.org>:
Extra info received and forwarded to list. Copy sent to Debian Games Team <pkg-games-devel@lists.alioth.debian.org>. (Sun, 26 Oct 2008 21:57:05 GMT)

Message #35 received at 433996@bugs.debian.org (full text, mbox):

From: Mark Purcell <msp@debian.org>
To: debian-release@lists.debian.org
Cc: sabre@packages.debian.org
Subject: request give back: sabre_0.2.4b-26_hppa
Date: Sun, 26 Oct 2008 20:02:51 +1100
Looks like the only thing preventing the RC bug #433996 from being closed for lenny is
the hppa build for sabre_0.2.4b-26_hppa.

Request a give back.

sabre_0.2.4b-26_hppa
  sabre >> 0.2.4b-26
  Builds of version 0.2.4b-26 have been attempted on the following occasions:
Wed 15 Oct 2008 06:10: maybe-successful

Thanks,
Mark






Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Mon, 16 Feb 2009 08:46:18 GMT)



Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Sat Apr 19 10:57:32 2014; Machine Name: buxtehude.debian.org

Debian Bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.