Debian Bug report logs - #491791
manpages-dev: new O_EXCL warning is incorrect

Package: manpages-dev; Maintainer for manpages-dev is Martin Schulze <joey@debian.org>; Source for manpages-dev is src:manpages.

Reported by: "brian m. carlson" <sandals@crustytoothpaste.ath.cx>

Date: Mon, 21 Jul 2008 21:39:01 UTC

Severity: normal

Tags: fixed-upstream

Found in version manpages/3.03-1

Fixed in version manpages/3.05-1

Done: Joey Schulze <joey@infodrom.org>

Bug is archived. No further changes may be made.


Report forwarded to debian-bugs-dist@lists.debian.org, Martin Schulze <joey@debian.org>:
Bug#491791; Package manpages-dev. Full text and rfc822 format available.

Acknowledgement sent to "brian m. carlson" <sandals@crustytoothpaste.ath.cx>:
New Bug report received and forwarded. Copy sent to Martin Schulze <joey@debian.org>. Full text and rfc822 format available.

Message #5 received at submit@bugs.debian.org (full text, mbox):

From: "brian m. carlson" <sandals@crustytoothpaste.ath.cx>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: manpages-dev: new O_EXCL warning is incorrect
Date: Mon, 21 Jul 2008 21:37:45 +0000
Package: manpages-dev
Version: 3.03-1
Severity: normal

In recent versions of manpages-dev, the warning about O_EXCL and NFS
reads in part:

  O_EXCL is not supported on NFSv2 or on Linux before kernel 2.6; it is
  supported on Linux 2.6 and later, with NFSv3 or  later.

This is false.  Linux 2.4.31 does support O_EXCL [0], correctly, it
appears.  The same code appears to be present in Linux 2.4.0.
Additionally, I cannot honestly believe that something as important as
O_EXCL (which is required for avoiding root security holes) doesn't
actually work at all with 2.4 kernels[1].  It may not work in conjunction
with NFS; that's fine, and that should be documented.  But the text
should not lead people to believe that O_EXCL only works with Linux 2.6,
when in fact that's not the case.

It might be useful to also explain whether NFS O_EXCL is broken with
regard to symlink attacks, as well as locking.

[0] http://lxr.linux.no/linux-old+v2.4.31/fs/namei.c#L1072
[1] If this is actually the case, then every program that creates an
O_EXCL file as root is vulnerable to symlink attacks.  Yay for
overwriting /sbin/init!

-- System Information:
Debian Release: lenny/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.26-trunk-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) (ignored: LC_ALL set to en_US.UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages manpages-dev depends on:
ii  manpages                      3.03-1     Manual pages about using a GNU/Lin

manpages-dev recommends no packages.

Versions of packages manpages-dev suggests:
ii  man-db [man-browser]          2.5.2-2    on-line manual pager

-- no debconf information

-- 
brian m. carlson / brian with sandals: Houston, Texas, US
+1 713 440 7475 | http://crustytoothpaste.ath.cx/~bmc | My opinion only
troff on top of XML: http://crustytoothpaste.ath.cx/~bmc/code/thwack
OpenPGP: RSA v4 4096b 88AC E9B2 9196 305B A994 7552 F1BA 225C 0223 B187
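
The point made in the report above, that O_EXCL is what keeps a privileged file creation from being redirected through a planted symlink, as an added example (not part of the original message or of the man-pages project). It opens a name that is already a dangling symlink, once without and once with O_EXCL, on a local filesystem; the scratch paths and the helper names `create_file` and `symlink_followed` are constructed for the illustration.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical helper. With `exclusive` set, O_CREAT|O_EXCL fails with EEXIST
 * if the name exists; a symlink counts as existing even when it dangles. */
static int create_file(const char *path, int exclusive)
{
    return open(path, O_WRONLY | O_CREAT | (exclusive ? O_EXCL : 0), 0600);
}

/* Constructed scenario in a private scratch directory on a local filesystem:
 * "app.tmp" is already a symlink to "victim", which does not exist yet.
 * Returns 1 if open() created the victim through the link, 0 if it refused
 * with EEXIST and the victim stayed absent, -1 on any other outcome. */
int symlink_followed(int exclusive)
{
    char dir[] = "/tmp/oexcl-demo-XXXXXX";
    char name[64], victim[64];
    struct stat st;
    int fd, result = -1;
    if (mkdtemp(dir) == NULL)
        return -1;
    snprintf(name, sizeof name, "%s/app.tmp", dir);
    snprintf(victim, sizeof victim, "%s/victim", dir);
    if (symlink(victim, name) == 0) {
        fd = create_file(name, exclusive);
        if (fd >= 0) {
            close(fd);
            result = (stat(victim, &st) == 0) ? 1 : -1;
        } else if (errno == EEXIST) {
            result = (stat(victim, &st) != 0) ? 0 : -1;
        }
    }
    unlink(name);
    unlink(victim);
    rmdir(dir);
    return result;
}

int main(void)
{
    printf("without O_EXCL: followed=%d\n", symlink_followed(0));
    printf("with O_EXCL:    followed=%d\n", symlink_followed(1));
    return 0;
}
```

This only exercises a local filesystem; whether the same guarantee holds over NFS is the question the thread leaves open.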

Information forwarded to debian-bugs-dist@lists.debian.org, Martin Schulze <joey@debian.org>:
Bug#491791; Package manpages-dev. Full text and rfc822 format available.

Acknowledgement sent to "Michael Kerrisk" <mtk.manpages@googlemail.com>:
Extra info received and forwarded to list. Copy sent to Martin Schulze <joey@debian.org>. Full text and rfc822 format available.

Message #10 received at 491791@bugs.debian.org (full text, mbox):

From: "Michael Kerrisk" <mtk.manpages@googlemail.com>
To: "brian m. carlson" <sandals@crustytoothpaste.ath.cx>, 491791@bugs.debian.org
Cc: control@bugs.debian.org
Subject: Re: Bug#491791: manpages-dev: new O_EXCL warning is incorrect
Date: Tue, 22 Jul 2008 07:51:19 +0200
tags 491791 fixed-upstream
thanks

Hello Brian

Thanks for your report.

On Mon, Jul 21, 2008 at 11:37 PM, brian m. carlson
<sandals@crustytoothpaste.ath.cx> wrote:
> Package: manpages-dev
> Version: 3.03-1
> Severity: normal
>
> In recent versions of manpages-dev, the warning about O_EXCL and NFS
> reads in part:
>
>  O_EXCL is not supported on NFSv2 or on Linux before kernel 2.6; it is
>  supported on Linux 2.6 and later, with NFSv3 or  later.
>
> This is false.  Linux 2.4.31 does support O_EXCL [0], correctly, it
> appears.  The same code appears to be present in Linux 2.4.0.
> Additionally, I cannot honestly believe that something as important as
> O_EXCL (which is required for avoiding root security holes) doesn't
> actually work at all with 2.4 kernels[1].  It may not work in conjunction
> with NFS; that's fine, and that should be documented.  But the text
> should not lead people to believe that O_EXCL only works with Linux 2.6,
> when in fact that's not the case.

Yes, the text is a little poorly worded.  The intent of that paragraph
was to discuss O_EXCL solely as it relates to NFS, but as you have
pointed out, there is some ambiguity in the way it can be read.

For upstream man-pages-3.05 I've changed the first sentence of the
paragraph to be the simpler:

    O_EXCL is only supported on NFS when using NFSv3 or
    later on kernel 2.6 or later.

Does that work for you?

> It might be useful to also explain whether NFS O_EXCL is broken with
> regard to symlink attacks, as well as locking.

This is a logically separate question; could you please file it in
another bug report.  (Filing logically separate bugs in the same
report makes it difficult to close a report until both bugs are
addressed.)

Thanks,

Michael




Tags added: fixed-upstream Request was from "Michael Kerrisk" <mtk.manpages@googlemail.com> to control@bugs.debian.org. (Tue, 22 Jul 2008 05:54:03 GMT) Full text and rfc822 format available.

Information forwarded to debian-bugs-dist@lists.debian.org, Martin Schulze <joey@debian.org>:
Bug#491791; Package manpages-dev. Full text and rfc822 format available.

Acknowledgement sent to "brian m. carlson" <sandals@crustytoothpaste.ath.cx>:
Extra info received and forwarded to list. Copy sent to Martin Schulze <joey@debian.org>. Full text and rfc822 format available.

Message #17 received at 491791@bugs.debian.org (full text, mbox):

From: "brian m. carlson" <sandals@crustytoothpaste.ath.cx>
To: Michael Kerrisk <mtk.manpages@googlemail.com>
Cc: 491791@bugs.debian.org
Subject: Re: Bug#491791: manpages-dev: new O_EXCL warning is incorrect
Date: Tue, 22 Jul 2008 15:33:43 +0000
On Tue, Jul 22, 2008 at 07:51:19AM +0200, Michael Kerrisk wrote:
>For upstream man-pages-3.05 I've changed the first sentence of the
>paragraph to be the simpler:
>
>    O_EXCL is only supported on NFS when using NFSv3 or
>    later on kernel 2.6 or later.
>
>Does that work for you?

Yes, that's fine.  Thank you.

>> It might be useful to also explain whether NFS O_EXCL is broken with
>> regard to symlink attacks, as well as locking.
>
>This is a logically separate question; could you please file it in
>another bug report.  (Filing logically separate bugs in the same
>report makes it difficult to close a report until both bugs are
>addressed.)

I assumed that it would be part of fixing the wording in general, so I
didn't consider it a separate issue.  If you think it belongs in another
bug report, please feel free to clone it.  I don't consider this
question to be sufficient to keep the report open, so feel free to close
this bug if you want to.

-- 
brian m. carlson / brian with sandals: Houston, Texas, US
+1 713 440 7475 | http://crustytoothpaste.ath.cx/~bmc | My opinion only
troff on top of XML: http://crustytoothpaste.ath.cx/~bmc/code/thwack
OpenPGP: RSA v4 4096b 88AC E9B2 9196 305B A994 7552 F1BA 225C 0223 B187

Information forwarded to debian-bugs-dist@lists.debian.org, Martin Schulze <joey@debian.org>:
Bug#491791; Package manpages-dev. Full text and rfc822 format available.

Acknowledgement sent to "Michael Kerrisk" <mtk.manpages@googlemail.com>:
Extra info received and forwarded to list. Copy sent to Martin Schulze <joey@debian.org>. Full text and rfc822 format available.

Message #22 received at 491791@bugs.debian.org (full text, mbox):

From: "Michael Kerrisk" <mtk.manpages@googlemail.com>
To: "brian m. carlson" <sandals@crustytoothpaste.ath.cx>
Cc: 491791@bugs.debian.org
Subject: Re: Bug#491791: manpages-dev: new O_EXCL warning is incorrect
Date: Tue, 22 Jul 2008 17:50:10 +0200
>>> It might be useful to also explain whether NFS O_EXCL is broken with
>>> regard to symlink attacks, as well as locking.
>>
>> This is a logically separate question; could you please file it in
>> another bug report.  (Filing logically separate bugs in the same
>> report makes it difficult to close a report until both bugs are
>> addressed.)
>
> I assumed that it would be part of fixing the wording in general, so I
> didn't consider it a separate issue.  If you think it belongs in another
> bug report, please feel free to clone it.  I don't consider this
> question to be sufficient to keep the report open, so feel free to close
> this bug if you want to.

I'm upstream (not part of Debian).  So I'll let the Debian maintainer
deal with this.  (To the maintainer: I also suggest just closing the
report.)




Reply sent to Joey Schulze <joey@infodrom.org>:
You have taken responsibility. Full text and rfc822 format available.

Notification sent to "brian m. carlson" <sandals@crustytoothpaste.ath.cx>:
Bug acknowledged by developer. Full text and rfc822 format available.

Message #27 received at 491791-close@bugs.debian.org (full text, mbox):

From: Joey Schulze <joey@infodrom.org>
To: 491791-close@bugs.debian.org
Subject: Bug#491791: fixed in manpages 3.05-1
Date: Sat, 26 Jul 2008 21:32:05 +0000
Source: manpages
Source-Version: 3.05-1

We believe that the bug you reported is fixed in the latest version of
manpages, which is due to be installed in the Debian FTP archive:

manpages-dev_3.05-1_all.deb
  to pool/main/m/manpages/manpages-dev_3.05-1_all.deb
manpages_3.05-1.diff.gz
  to pool/main/m/manpages/manpages_3.05-1.diff.gz
manpages_3.05-1.dsc
  to pool/main/m/manpages/manpages_3.05-1.dsc
manpages_3.05-1_all.deb
  to pool/main/m/manpages/manpages_3.05-1_all.deb
manpages_3.05.orig.tar.gz
  to pool/main/m/manpages/manpages_3.05.orig.tar.gz



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 491791@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Joey Schulze <joey@infodrom.org> (supplier of updated manpages package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


Format: 1.8
Date: Sat, 26 Jul 2008 23:01:11 +0200
Source: manpages
Binary: manpages manpages-dev
Architecture: source all
Version: 3.05-1
Distribution: unstable
Urgency: low
Maintainer: Martin Schulze <joey@debian.org>
Changed-By: Joey Schulze <joey@infodrom.org>
Description: 
 manpages   - Manual pages about using a GNU/Linux system
 manpages-dev - Manual pages about using GNU/Linux for development
Closes: 491791
Changes: 
 manpages (3.05-1) unstable; urgency=low
 .
   * New upstream version
     . Remove ambiguity in description of support for O_EXCL on NFS in
       open(2) (closes: Bug#491791)





Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Mon, 25 Aug 2008 07:34:55 GMT) Full text and rfc822 format available.


Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Sat Apr 19 12:23:46 2014; Machine Name: buxtehude.debian.org
