Debian Bug report logs -
#491791
manpages-dev: new O_EXCL warning is incorrect
Reported by: "brian m. carlson" <sandals@crustytoothpaste.ath.cx>
Date: Mon, 21 Jul 2008 21:39:01 UTC
Severity: normal
Tags: fixed-upstream
Found in version manpages/3.03-1
Fixed in version manpages/3.05-1
Done: Joey Schulze <joey@infodrom.org>
Bug is archived. No further changes may be made.
Toggle useless messages
Report forwarded to debian-bugs-dist@lists.debian.org, Martin Schulze <joey@debian.org>:
Bug#491791; Package manpages-dev.
(full text, mbox, link).
Acknowledgement sent to "brian m. carlson" <sandals@crustytoothpaste.ath.cx>:
New Bug report received and forwarded. Copy sent to Martin Schulze <joey@debian.org>.
(full text, mbox, link).
Message #5 received at submit@bugs.debian.org (full text, mbox, reply):
[Message part 1 (text/plain, inline)]
Package: manpages-dev
Version: 3.03-1
Severity: normal
In recent versions of manpages-dev, the warning about O_EXCL and NFS
reads in part:
O_EXCL is not supported on NFSv2 or on Linux before kernel 2.6; it is
supported on Linux 2.6 and later, with NFSv3 or later.
This is false. Linux 2.4.31 does support O_EXCL [0], correctly, it
appears. The same code appears to be present in Linux 2.4.0.
Additionally, I cannot honestly believe that something as important as
O_EXCL (which is required for avoiding root security holes) doesn't
actually work at all with 2.4 kernels[1]. It may not work in conjunction
with NFS; that's fine, and that should be documented. But the text
should not lead people to believe that O_EXCL only works with Linux 2.6,
when in fact that's not the case.
It might be useful to also explain whether NFS O_EXCL is broken with
regard to symlink attacks, as well as locking.
[0] http://lxr.linux.no/linux-old+v2.4.31/fs/namei.c#L1072
[1] If this is actually the case, then every program that creates an
O_EXCL file as root is vulnerable to symlink attacks. Yay for
overwriting /sbin/init!
-- System Information:
Debian Release: lenny/sid
APT prefers unstable
APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Kernel: Linux 2.6.26-trunk-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) (ignored: LC_ALL set to en_US.UTF-8)
Shell: /bin/sh linked to /bin/dash
Versions of packages manpages-dev depends on:
ii manpages 3.03-1 Manual pages about using a GNU/Lin
manpages-dev recommends no packages.
Versions of packages manpages-dev suggests:
ii man-db [man-browser] 2.5.2-2 on-line manual pager
-- no debconf information
--
brian m. carlson / brian with sandals: Houston, Texas, US
+1 713 440 7475 | http://crustytoothpaste.ath.cx/~bmc | My opinion only
troff on top of XML: http://crustytoothpaste.ath.cx/~bmc/code/thwack
OpenPGP: RSA v4 4096b 88AC E9B2 9196 305B A994 7552 F1BA 225C 0223 B187
[signature.asc (application/pgp-signature, inline)]
Information forwarded to debian-bugs-dist@lists.debian.org, Martin Schulze <joey@debian.org>:
Bug#491791; Package manpages-dev.
(full text, mbox, link).
Acknowledgement sent to "Michael Kerrisk" <mtk.manpages@googlemail.com>:
Extra info received and forwarded to list. Copy sent to Martin Schulze <joey@debian.org>.
(full text, mbox, link).
Message #10 received at 491791@bugs.debian.org (full text, mbox, reply):
tags 491791 fixed-upstream
thanks
Hello Brian
Thanks for your report.
On Mon, Jul 21, 2008 at 11:37 PM, brian m. carlson
<sandals@crustytoothpaste.ath.cx> wrote:
> Package: manpages-dev
> Version: 3.03-1
> Severity: normal
>
> In recent versions of manpages-dev, the warning about O_EXCL and NFS
> reads in part:
>
> O_EXCL is not supported on NFSv2 or on Linux before kernel 2.6; it is
> supported on Linux 2.6 and later, with NFSv3 or later.
>
> This is false. Linux 2.4.31 does support O_EXCL [0], correctly, it
> appears. The same code appears to be present in Linux 2.4.0.
> Additionally, I cannot honestly believe that something as important as
> O_EXCL (which is required for avoiding root security holes) doesn't
> actually work at all with 2.4 kernels[1]. It may not work in conjunction
> with NFS; that's fine, and that should be documented. But the text
> should not lead people to believe that O_EXCL only works with Linux 2.6,
> when in fact that's not the case.
Yes, the text is a little poorly worded. The intent of that paragraph
was to discuss O_EXCL solely as it relates to NFS, but as you have
pointed out, there is some ambiguity in the way it can be read.
For upstream man-pages-3.05 I've changed the first sentence of the
paragraph to be the simpler:
O_EXCL is only supported on NFS when using NFSv3 or
later on kernel 2.6 or later.
Does that work for you?
> It might be useful to also explain whether NFS O_EXCL is broken with
> regard to symlink attacks, as well as locking.
This is a logically separate question; could you please file it in
another bug report. (Filing logically separate bugs in the same
report makes it difficult to close a report until both bugs are
addressed.)
Thanks,
Michael
Tags added: fixed-upstream
Request was from "Michael Kerrisk" <mtk.manpages@googlemail.com>
to control@bugs.debian.org.
(Tue, 22 Jul 2008 05:54:03 GMT) (full text, mbox, link).
Information forwarded to debian-bugs-dist@lists.debian.org, Martin Schulze <joey@debian.org>:
Bug#491791; Package manpages-dev.
(full text, mbox, link).
Acknowledgement sent to "brian m. carlson" <sandals@crustytoothpaste.ath.cx>:
Extra info received and forwarded to list. Copy sent to Martin Schulze <joey@debian.org>.
(full text, mbox, link).
Message #17 received at 491791@bugs.debian.org (full text, mbox, reply):
[Message part 1 (text/plain, inline)]
On Tue, Jul 22, 2008 at 07:51:19AM +0200, Michael Kerrisk wrote:
>For upstream man-pages-3.05 I've changed the first sentence of the
>paragraph to be the simpler:
>
> O_EXCL is only supported on NFS when using NFSv3 or
> later on kernel 2.6 or later.
>
>Does that work for you?
Yes, that's fine. Thank you.
>> It might be useful to also explain whether NFS O_EXCL is broken with
>> regard to symlink attacks, as well as locking.
>
>This is a logically separate question; could you please file it in
>another bug report. (Filing logically separate bugs in the same
>report makes it difficult to close a report until both bugs are
>addressed.)
I assumed that it would be part of fixing the wording in general, so I
didn't consider it a separate issue. If you think it belongs in another
bug report, please feel free to clone it. I don't consider this
question to be sufficient to keep the report open, so feel free to close
this bug if you want to.
--
brian m. carlson / brian with sandals: Houston, Texas, US
+1 713 440 7475 | http://crustytoothpaste.ath.cx/~bmc | My opinion only
troff on top of XML: http://crustytoothpaste.ath.cx/~bmc/code/thwack
OpenPGP: RSA v4 4096b 88AC E9B2 9196 305B A994 7552 F1BA 225C 0223 B187
[signature.asc (application/pgp-signature, inline)]
Information forwarded to debian-bugs-dist@lists.debian.org, Martin Schulze <joey@debian.org>:
Bug#491791; Package manpages-dev.
(full text, mbox, link).
Acknowledgement sent to "Michael Kerrisk" <mtk.manpages@googlemail.com>:
Extra info received and forwarded to list. Copy sent to Martin Schulze <joey@debian.org>.
(full text, mbox, link).
Message #22 received at 491791@bugs.debian.org (full text, mbox, reply):
>>> It might be useful to also explain whether NFS O_EXCL is broken with
>>> regard to symlink attacks, as well as locking.
>>
>> This is a logically separate question; could you please file it in
>> another bug report. (Filing logically separate bugs in the same
>> report makes it difficult to close a report until both bugs are
>> addressed.)
>
> I assumed that it would be part of fixing the wording in general, so I
> didn't consider it a separate issue. If you think it belongs in another
> bug report, please feel free to clone it. I don't consider this
> question to be sufficient to keep the report open, so feel free to close
> this bug if you want to.
I'm upstream (not part of Debian). So I'll let the Debian maintainer
deal with this. (To the maintainer: I also suggest just closing the
report.)
Reply sent to Joey Schulze <joey@infodrom.org>:
You have taken responsibility.
(full text, mbox, link).
Notification sent to "brian m. carlson" <sandals@crustytoothpaste.ath.cx>:
Bug acknowledged by developer.
(full text, mbox, link).
Message #27 received at 491791-close@bugs.debian.org (full text, mbox, reply):
Source: manpages
Source-Version: 3.05-1
We believe that the bug you reported is fixed in the latest version of
manpages, which is due to be installed in the Debian FTP archive:
manpages-dev_3.05-1_all.deb
to pool/main/m/manpages/manpages-dev_3.05-1_all.deb
manpages_3.05-1.diff.gz
to pool/main/m/manpages/manpages_3.05-1.diff.gz
manpages_3.05-1.dsc
to pool/main/m/manpages/manpages_3.05-1.dsc
manpages_3.05-1_all.deb
to pool/main/m/manpages/manpages_3.05-1_all.deb
manpages_3.05.orig.tar.gz
to pool/main/m/manpages/manpages_3.05.orig.tar.gz
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 491791@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Joey Schulze <joey@infodrom.org> (supplier of updated manpages package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.8
Date: Sat, 26 Jul 2008 23:01:11 +0200
Source: manpages
Binary: manpages manpages-dev
Architecture: source all
Version: 3.05-1
Distribution: unstable
Urgency: low
Maintainer: Martin Schulze <joey@debian.org>
Changed-By: Joey Schulze <joey@infodrom.org>
Description:
manpages - Manual pages about using a GNU/Linux system
manpages-dev - Manual pages about using GNU/Linux for development
Closes: 491791
Changes:
manpages (3.05-1) unstable; urgency=low
.
* New upstream version
. Remove ambiguity in description of support for O_EXCL on NFS in
open(2) (closes: Bug#491791)
Checksums-Sha1:
a3661cfd5c31b250e7894efa348dec7522a9beb9 964 manpages_3.05-1.dsc
991fee8a36c1f7d08f9a3802b36d72e02449ecf0 1401013 manpages_3.05.orig.tar.gz
d35c620b1f7af065eb1abc5192dc6d6109d70ab7 46567 manpages_3.05-1.diff.gz
bd06f892ab1237588a225241eadb76709b68e58a 615596 manpages_3.05-1_all.deb
cea3ffa2c038e1343806bdd58cfdb1cc13343433 1433366 manpages-dev_3.05-1_all.deb
Checksums-Sha256:
a51904a1c58a3408bc4efc57db328563b5fa3f38219109ef66a719af02d516d8 964 manpages_3.05-1.dsc
e64c457e6957f8e9488151638bd8172b3f92554bcc5af6fd7b4204698b4b4578 1401013 manpages_3.05.orig.tar.gz
5feda8c6c89b22d99ff3092de61620d28e6163ab34897a3fbe1cfc68822556a9 46567 manpages_3.05-1.diff.gz
aeda742952b3119d4577ac05fe56dcd18e7cd3543608a975da64757d085e321c 615596 manpages_3.05-1_all.deb
1b07287845c42aeacff11b6e6aad68fce00f80ba5b6855f849c1daf9732896b4 1433366 manpages-dev_3.05-1_all.deb
Files:
c8441eaa2bc0b9b68b0c99fb7f108183 964 doc important manpages_3.05-1.dsc
10d66a884c1d26b4e6c7c17494eb73cb 1401013 doc important manpages_3.05.orig.tar.gz
55c0e394156dace3f706aa13aa4be192 46567 doc important manpages_3.05-1.diff.gz
a2cc7b9a0f2043ef4b4e27d299cf7e5a 615596 doc important manpages_3.05-1_all.deb
be1ff313b4c9905eff75f1c411de0ab6 1433366 doc optional manpages-dev_3.05-1_all.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
iD8DBQFIi5RIW5ql+IAeqTIRAkUWAJ96p+Ax7A/CY2cJIj/yzvVqNoGQ9QCffvP1
TV2UvkK9zb6G4A3y4aGtxog=
=h4fj
-----END PGP SIGNATURE-----
Bug archived.
Request was from Debbugs Internal Request <owner@bugs.debian.org>
to internal_control@bugs.debian.org.
(Mon, 25 Aug 2008 07:34:55 GMT) (full text, mbox, link).
Send a report that this bug log contains spam.
Debian bug tracking system administrator <owner@bugs.debian.org>.
Last modified:
Thu Mar 9 09:59:59 2023;
Machine Name:
buxtehude
Debian Bug tracking system
Debbugs is free software and licensed under the terms of the GNU
Public License version 2. The current version can be obtained
from https://bugs.debian.org/debbugs-source/.
Copyright © 1999 Darren O. Benham,
1997,2003 nCipher Corporation Ltd,
1994-97 Ian Jackson,
2005-2017 Don Armstrong, and many other contributors.