Debian Bug report logs - #496398
The possibility of attack with the help of symlinks in some Debian packages

version graph

Package: mon; Maintainer for mon is Dario Minnucci <midget@debian.org>; Source for mon is src:mon.

Reported by: "Dmitry E. Oboukhov" <dimka@uvw.ru>

Date: Sun, 24 Aug 2008 18:10:43 UTC

Severity: grave

Tags: confirmed, patch, security

Fixed in version mon/0.99.2-13

Done: Dario Minnucci (midget) <debian@midworld.net>

Bug is archived. No further changes may be made.

Toggle useless messages

View this report as an mbox folder, status mbox, maintainer mbox


Report forwarded to debian-bugs-dist@lists.debian.org, Dario Minnucci (midget) <debian@midworld.net>:
Bug#496398; Package mon. Full text and rfc822 format available.

Acknowledgement sent to "Dmitry E. Oboukhov" <dimka@uvw.ru>:
New Bug report received and forwarded. Copy sent to Dario Minnucci (midget) <debian@midworld.net>. Full text and rfc822 format available.

Message #5 received at submit@bugs.debian.org (full text, mbox):

From: "Dmitry E. Oboukhov" <dimka@uvw.ru>
To: submit@bugs.debian.org
Cc: dimka@uvw.ru
Subject: The possibility of attack with the help of symlinks in some Debian packages
Date: Sun, 24 Aug 2008 22:05:29 +0400
Package: mon
Severity: grave

Hi, maintainer!

This message about the error concerns a few packages  at  once.   I've
tested all the packages (for Lenny) on my Debian mirror.  All  scripts
of packages (marked as executable) were tested.

In some packages I've discovered scripts with errors which may be used
by a user for damaging important system files or user's files.

For example if a script uses in its work a temp file which is  created
in /tmp directory, then every user can create symlink  with  the  same
name in this directory in order to  destroy  or  rewrite  some  system
or user file.  Symlink attack may also  lead  not  only  to  the  data
desctruction but to denial of service as well.

Even if you create files or directories with help of function 'RANDOM'
or pid(), then your system is not protected. Attacker can create many
symlinks in order to destroy your data or create 'denial  of  service'
for your package scripts.

Even if you make rm(dir) for files/directories, then  your  system  is
not protected. Attacker can permanently create symlinks.

This list is created with the help of script.  This list is sorted  by
hand. Howewer in some cases mistake is possible.

Please, Be understanding to possible mistakes. :)

I set Severity into grave for this bug. The table of discovered
problems is below.

Discussion of this bug you can see in debian-devel@:
    http://lists.debian.org/debian-devel/2008/08/msg00271.html

Binary-package: r-base-core-ra (1.1.1-1)
    file: /usr/lib/Ra/lib/R/bin/javareconf
Binary-package: rccp (0.9-2)
    file: /usr/lib/rccp/delqueueask
Binary-package: mafft (6.240-1)
    file: /usr/bin/mafft-homologs
Binary-package: openoffice.org-common (1:2.4.1-6)
    file: /usr/lib/openoffice/program/senddoc
Binary-package: crossfire-maps (1.11.0-1)
    file: /usr/share/games/crossfire/maps/Info/combine.pl
Binary-package: sgml2x (1.0.0-11.1)
    file: /usr/bin/rlatex
Binary-package: liguidsoap (0.3.6-4)
    file: /var/lib/liguidsoap/liguidsoap.py
Binary-package: citadel-server (7.37-1)
    file: /usr/lib/citadel-server/migrate_aliases.sh
Binary-package: ampache (3.4.1-1)
    file: /usr/share/ampache/www/locale/base/gather-messages.sh
Binary-package: xen-utils-3.2-1 (3.2.1-2)
    file: /usr/lib/xen-3.2-1/bin/qemu-dm.debug
Binary-package: dtc-common (0.29.6-1)
    file: /usr/share/dtc/admin/accesslog.php
    file: /usr/share/dtc/admin/sa-wrapper
Binary-package: honeyd-common (1.5c-3)
    file: /usr/share/honeyd/scripts/test.sh
Binary-package: lustre-tests (1.6.5-1)
    file: /usr/lib/lustre/tests/runiozone
Binary-package: linuxtrade (3.65-8+b4)
    file: /usr/share/linuxtrade/bin/linuxtrade.bwkvol
    file: /usr/share/linuxtrade/bin/linuxtrade.wn
    file: /usr/share/linuxtrade/bin/moneyam.helper
Binary-package: freevo (1.8.1-0)
    file: /usr/bin/freevo.real
Binary-package: fml (4.0.3.dfsg-2)
    file: /usr/share/fml/libexec/mead.pl
Binary-package: rkhunter (1.3.2-3)
    file: /usr/bin/rkhunter
Binary-package: openswan (1:2.4.12+dfsg-1.1)
    file: /usr/lib/ipsec/livetest
Binary-package: linux-patch-openswan (1:2.4.12+dfsg-1.1)
    file: /usr/src/kernel-patches/all/openswan/packaging/utils/maysnap
    file: /usr/src/kernel-patches/all/openswan/packaging/utils/maytest
Binary-package: aptoncd (0.1-1.1)
    file: /usr/share/aptoncd/xmlfile.py
Binary-package: cdcontrol (1.90-1.1)
    file: /usr/lib/cdcontrol/writtercontrol
Binary-package: newsgate (1.6-23)
    file: /usr/bin/mkmailpost
Binary-package: gpsdrive-scripts (2.10~pre4-3)
    file: /usr/bin/geo-code
Binary-package: impose+ (0.2-11)
    file: /usr/bin/impose
Binary-package: mgt (2.31-5)
    file: /usr/games/mailgo
Binary-package: audiolink (0.05-1)
    file: /usr/bin/audiolink
Binary-package: ibackup (2.27-4.1)
    file: /usr/bin/ibackup
Binary-package: emacspeak (26.0-3)
    file: /usr/share/emacs/site-lisp/emacspeak/etc/extract-table.pl
Binary-package: bk2site (1:1.1.9-3.1)
    file: /usr/lib/cgi-bin/bk2site/redirect.pl
Binary-package: datafreedom-perl (0.1.7-1)
    file: /usr/bin/dfxml-invoice
Binary-package: emacs-jabber (0.7.91-1)
    file: /usr/lib/emacsen-common/packages/install/emacs-jabber
Binary-package: lmbench (3.0-a7-1)
    file: /usr/lib/lmbench/scripts/rccs
    file: /usr/lib/lmbench/scripts/STUFF
Binary-package: rancid-util (2.3.2~a8-1)
    file: /var/lib/rancid/getipacctg
Binary-package: ogle (0.9.2-5.2)
    file: /usr/lib/ogle/ogle_audio_debug
    file: /usr/lib/ogle/ogle_cli_debug
    file: /usr/lib/ogle/ogle_ctrl_debug
    file: /usr/lib/ogle/ogle_gui_debug
    file: /usr/lib/ogle/ogle_mpeg_ps_debug
    file: /usr/lib/ogle/ogle_mpeg_vs_debug
    file: /usr/lib/ogle/ogle_nav_debug
    file: /usr/lib/ogle/ogle_vout_debug
Binary-package: firehol (1.256-4)
    file: /sbin/firehol
Binary-package: aview (1.3.0rc1-8)
    file: /usr/bin/asciiview
Binary-package: radiance (3R9+20080530-3)
    file: /usr/bin/optics2rad
    file: /usr/bin/pdelta
    file: /usr/bin/dayfact
    file: /usr/bin/raddepend
Binary-package: vdr-dbg (1.6.0-5)
    file: /usr/bin/vdrleaktest
Binary-package: ogle-mmx (0.9.2-5.2)
    file: /usr/lib/ogle/ogle_audio_debug
    file: /usr/lib/ogle/ogle_cli_debug
    file: /usr/lib/ogle/ogle_ctrl_debug
    file: /usr/lib/ogle/ogle_gui_debug
    file: /usr/lib/ogle/ogle_mpeg_ps_debug
    file: /usr/lib/ogle/ogle_mpeg_vs_debug
    file: /usr/lib/ogle/ogle_nav_debug
    file: /usr/lib/ogle/ogle_vout_debug
Binary-package: convirt (0.8.2-3)
    file: /usr/share/convirt/image_store/_template_/provision.sh
    file: /usr/share/convirt/image_store/Linux_CD_Install/provision.sh
    file: /usr/share/convirt/image_store/Fedora_PV_Install/provision.sh
    file: /usr/share/convirt/image_store/CentOS_PV_Install/provision.sh
    file: /usr/share/convirt/image_store/common/provision.sh
    file: /usr/share/convirt/image_store/example/provision.sh
    file: /usr/share/convirt/image_store/Windows_CD_Install/provision.sh
Binary-package: printfilters-ppd (2.13-9)
    file: /usr/lib/printfilters/master-filter
Binary-package: r-base-core (2.7.1-1)
    file: /usr/lib/R/bin/javareconf
    file: /usr/lib/R/bin/javareconf.orig
Binary-package: xmcd (2.6-19.3)
    file: /usr/share/xmcd/scripts/ncsarmt
    file: /usr/share/xmcd/scripts/ncsawrap
Binary-package: tiger (1:3.2.2-3.1)
    file: /usr/lib/tiger/util/genmsgidx
Binary-package: scilab-bin (4.1.2-5)
    file: /usr/lib/scilab-4.1.2/bin/scilink
    file: /usr/lib/scilab-4.1.2/util/scidoc
    file: /usr/lib/scilab-4.1.2/util/scidem
Binary-package: dpkg-cross (2.3.0)
    file: /usr/share/dpkg-cross/bin/gccross
Binary-package: ltp-network-test (20060918-2.1)
    file: /usr/lib/debian-test/tests/linux/testcases/bin/ftp_setup_vsftp_conf
    file: /usr/lib/debian-test/tests/linux/testcases/bin/nfs_fsstress.sh
Binary-package: cman (2.20080629-1)
    file: /usr/sbin/fence_egenera
Binary-package: scratchbox2 (1.99.0.24-1)
    file: /usr/share/scratchbox2/scripts/dpkg-checkbuilddeps
    file: /usr/share/scratchbox2/scripts/sb2-check-pkg-mappings
Binary-package: sendmail-base (8.14.3-5)
    file: /usr/sbin/checksendmail
    file: /usr/bin/expn
Binary-package: fwbuilder (2.1.19-3)
    file: /usr/bin/fwb_install
Binary-package: sng (1.0.2-5)
    file: /usr/bin/sng_regress
Binary-package: dist (1:3.5-17-1)
    file: /usr/bin/patcil
    file: /usr/bin/patdiff
Binary-package: sympa (5.3.4-5)
    file: /usr/lib/cgi-bin/sympa/wwsympa.fcgi
    file: /usr/lib/sympa/bin/sympa.pl
Binary-package: postfix (2.5.2-2)
    file: /usr/lib/postfix_groups.pl
Binary-package: caudium (3:1.4.12-11)
    file: /usr/share/caudium/configvar
Binary-package: mgetty-fax (1.1.36-1.2)
    file: /usr/bin/faxspool
Binary-package: aegis (4.24-3)
    file: /usr/share/doc/aegis/examples/remind/bng_dvlpd.sh
    file: /usr/share/doc/aegis/examples/remind/bng_rvwd.sh
    file: /usr/share/doc/aegis/examples/remind/awt_dvlp.sh
    file: /usr/share/doc/aegis/examples/remind/awt_intgrtn.sh
Binary-package: aegis-web (4.24-3)
    file: /usr/lib/cgi-bin/aegis.cgi
Binary-package: digitaldj (0.7.5-6+b1)
    file: /usr/share/digitaldj/fest.pl
Binary-package: mon (0.99.2-12)
    file: /usr/lib/mon/alert.d/test.alert
Binary-package: feta (1.4.16)
    file: /usr/share/feta/plugins/to-upgrade
Binary-package: arb-common (0.0.20071207.1-4)
    file: /usr/lib/arb/SH/arb_fastdnaml
    file: /usr/lib/arb/SH/dszmconnect.pl
Binary-package: qemu (0.9.1-5)
    file: /usr/sbin/qemu-make-debian-root
Binary-package: apertium (3.0.7+1-1+b1)
    file: /usr/bin/apertium-gen-deformat
    file: /usr/bin/apertium-gen-reformat
    file: /usr/bin/apertium
Binary-package: xcal (4.1-18.3)
    file: /usr/bin/pscal
Binary-package: myspell-tools (1:3.1-20)
    file: /usr/bin/i2myspell
Binary-package: gccxml (0.9.0+cvs20080525-1)
    file: /usr/share/gccxml-0.9/MIPSpro/find_flags
Binary-package: freeradius-dialupadmin (2.0.4+dfsg-4)
    file: /usr/share/freeradius-dialupadmin/bin/backup_radacct
    file: /usr/share/freeradius-dialupadmin/bin/clean_radacct
    file: /usr/share/freeradius-dialupadmin/bin/monthly_tot_stats
    file: /usr/share/freeradius-dialupadmin/bin/tot_stats
    file: /usr/share/freeradius-dialupadmin/bin/truncate_radacct
Binary-package: dhis-server (5.3-1)
    file: /usr/lib/dhis-server/dhis-dummy-log-engine
Binary-package: wims (3.62-13)
    file: /var/lib/wims/public_html/bin/coqweb
    file: /var/lib/wims/bin/account.sh
Binary-package: initramfs-tools (0.92f)
    file: /usr/share/initramfs-tools/init
Binary-package: realtimebattle-common (1.0.8-7)
    file: /usr/lib/realtimebattle/Robots/perl.robot
Binary-package: netmrg (0.20-1)
    file: /usr/bin/rrdedit
Binary-package: bulmages-servers (0.11.1-2)
    file: /usr/share/bulmages/examples/scripts/actualizabulmacont
    file: /usr/share/bulmages/examples/scripts/installbulmages-db
    file: /usr/share/bulmages/examples/scripts/creabulmafact
    file: /usr/share/bulmages/examples/scripts/creabulmacont
    file: /usr/share/bulmages/examples/scripts/actualizabulmafact
Binary-package: xastir (1.9.2-1)
    file: /usr/lib/xastir/get-maptools.sh
    file: /usr/lib/xastir/get_shapelib.sh
Binary-package: plait (1.5.2-1)
    file: /usr/bin/plaiter
    file: /usr/bin/plait
Binary-package: cdrw-taper (0.4-2)
    file: /usr/sbin/amlabel-cdrw
Binary-package: konwert-filters (1.8-11.1)
    file: /usr/share/konwert/filters/any-UTF8
Binary-package: gdrae (0.1-1)
    file: /usr/bin/gdrae
Binary-package: lazarus-src (0.9.24-0-9)
    file: /usr/lib/lazarus/tools/install/create_lazarus_export_tgz.sh




Tags added: Request was from "Dmitry E. Oboukhov" <dimka@uvw.ru> to control@bugs.debian.org. (Tue, 26 Aug 2008 08:45:37 GMT) Full text and rfc822 format available.

Tags added: security Request was from "Dmitry E. Oboukhov" <dimka@uvw.ru> to control@bugs.debian.org. (Tue, 26 Aug 2008 08:57:27 GMT) Full text and rfc822 format available.

Information forwarded to debian-bugs-dist@lists.debian.org, Dario Minnucci (midget) <debian@midworld.net>:
Bug#496398; Package mon. Full text and rfc822 format available.

Acknowledgement sent to Thijs Kinkhorst <thijs@debian.org>:
Extra info received and forwarded to list. Copy sent to Dario Minnucci (midget) <debian@midworld.net>. Full text and rfc822 format available.

Message #14 received at 496398@bugs.debian.org (full text, mbox):

From: Thijs Kinkhorst <thijs@debian.org>
To: 496398@bugs.debian.org
Cc: control@bugs.debian.org
Subject: here's a patch
Date: Wed, 27 Aug 2008 21:42:47 +0200
[Message part 1 (text/plain, inline)]
tags 496398 confirmed patch
thanks

Hi,

There's indeed this code in alert.d/test.alert:

   echo "`date` $*" >> /tmp/test.alert.log

If I understand the code it is run as root so that is a significant risk. I'm 
not sure how and when that script is ran though. Still, fixing it is easy, 
I've attached a patch that moves the log to /var/log.


cheers,
Thijs
[496398.patch (text/x-diff, attachment)]
[Message part 3 (application/pgp-signature, inline)]

Tags added: confirmed, patch Request was from Thijs Kinkhorst <thijs@debian.org> to control@bugs.debian.org. (Wed, 27 Aug 2008 19:45:04 GMT) Full text and rfc822 format available.

Information forwarded to debian-bugs-dist@lists.debian.org, Dario Minnucci (midget) <debian@midworld.net>:
Bug#496398; Package mon. Full text and rfc822 format available.

Acknowledgement sent to "Dario Minnucci (midget)" <debian@midworld.net>:
Extra info received and forwarded to list. Copy sent to Dario Minnucci (midget) <debian@midworld.net>. Full text and rfc822 format available.

Message #21 received at 496398@bugs.debian.org (full text, mbox):

From: "Dario Minnucci (midget)" <debian@midworld.net>
To: 496398@bugs.debian.org
Cc: "Dmitry E. Oboukhov" <dimka@uvw.ru>, Thijs Kinkhorst <thijs@debian.org>
Subject: Re: The possibility of attack with the help of symlinks in some Debian packages
Date: Tue, 02 Sep 2008 18:34:04 +0200
[Message part 1 (text/plain, inline)]
tags 496398 pending
thanks

Hi Dmitry and Thijs,

An update will be uploaded soon fixing this and some other issues.

Thanks both for reporting and patching.

Cheers.



-- 
_________________________________________________________________________
 Dario Minnucci (midget)
 Phone: (+34) 902021030 | Fax: (+34) 902024417 | Support: (+34) 807450000
 Email: debian@midworld.net | URL: http://www.midworld.net/midget/
_________________________________________________________________________
 Key fingerprint = 6DDB 5487 7F6D 89D4 5D9C  33C7 D181 DD7A 6C42 8272
_________________________________________________________________________


[signature.asc (application/pgp-signature, attachment)]

Tags added: pending Request was from Dario Minnucci (midget) <debian@midworld.net> to control@bugs.debian.org. (Tue, 02 Sep 2008 16:51:02 GMT) Full text and rfc822 format available.

Information forwarded to debian-bugs-dist@lists.debian.org, Dario Minnucci (midget) <debian@midworld.net>:
Bug#496398; Package mon. Full text and rfc822 format available.

Acknowledgement sent to Steffen Joeris <steffen.joeris@skolelinux.de>:
Extra info received and forwarded to list. Copy sent to Dario Minnucci (midget) <debian@midworld.net>. Full text and rfc822 format available.

Message #28 received at 496398@bugs.debian.org (full text, mbox):

From: Steffen Joeris <steffen.joeris@skolelinux.de>
To: 496398@bugs.debian.org
Subject: sec fix upload
Date: Mon, 8 Sep 2008 21:21:10 +1000
[Message part 1 (text/plain, inline)]
Hi

Just wondering, if there are any problems with the upload?
It would be nice to get it into lenny asap. I can NMU it, if you are having 
time difficulties.

Cheers
Steffen
[signature.asc (application/pgp-signature, inline)]

Information forwarded to debian-bugs-dist@lists.debian.org, Dario Minnucci (midget) <debian@midworld.net>:
Bug#496398; Package mon. Full text and rfc822 format available.

Acknowledgement sent to "Dario Minnucci (midget)" <debian@midworld.net>:
Extra info received and forwarded to list. Copy sent to Dario Minnucci (midget) <debian@midworld.net>. Full text and rfc822 format available.

Message #33 received at 496398@bugs.debian.org (full text, mbox):

From: "Dario Minnucci (midget)" <debian@midworld.net>
To: 496398@bugs.debian.org, Steffen Joeris <steffen.joeris@skolelinux.de>, Alberto Gonzalez Iniesta <agi@inittab.org>
Subject: Re: sec fix upload
Date: Wed, 10 Sep 2008 03:40:06 +0200
[Message part 1 (text/plain, inline)]
Hi Steffen,

I fix that issue quickly but now the package is in my sponsor's hands and seems he is quite busy
these days. Please, give him a some more time in order to upload it.

Thanks.


-- 
_________________________________________________________________________
 Dario Minnucci (midget)
 Phone: (+34) 902021030 | Fax: (+34) 902024417 | Support: (+34) 807450000
 Email: debian@midworld.net | URL: http://www.midworld.net/midget/
_________________________________________________________________________
 Key fingerprint = 6DDB 5487 7F6D 89D4 5D9C  33C7 D181 DD7A 6C42 8272
_________________________________________________________________________


[signature.asc (application/pgp-signature, attachment)]

Reply sent to Dario Minnucci (midget) <debian@midworld.net>:
You have taken responsibility. Full text and rfc822 format available.

Notification sent to "Dmitry E. Oboukhov" <dimka@uvw.ru>:
Bug acknowledged by developer. Full text and rfc822 format available.

Message #38 received at 496398-close@bugs.debian.org (full text, mbox):

From: Dario Minnucci (midget) <debian@midworld.net>
To: 496398-close@bugs.debian.org
Subject: Bug#496398: fixed in mon 0.99.2-13
Date: Wed, 10 Sep 2008 15:32:07 +0000
Source: mon
Source-Version: 0.99.2-13

We believe that the bug you reported is fixed in the latest version of
mon, which is due to be installed in the Debian FTP archive:

mon_0.99.2-13.diff.gz
  to pool/main/m/mon/mon_0.99.2-13.diff.gz
mon_0.99.2-13.dsc
  to pool/main/m/mon/mon_0.99.2-13.dsc
mon_0.99.2-13_i386.deb
  to pool/main/m/mon/mon_0.99.2-13_i386.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 496398@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Dario Minnucci (midget) <debian@midworld.net> (supplier of updated mon package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Wed, 10 Sep 2008 14:19:23 +0200
Source: mon
Binary: mon
Architecture: source i386
Version: 0.99.2-13
Distribution: unstable
Urgency: low
Maintainer: Dario Minnucci (midget) <debian@midworld.net>
Changed-By: Dario Minnucci (midget) <debian@midworld.net>
Description: 
 mon        - monitor hosts/services/whatever and alert about problems
Closes: 496398
Changes: 
 mon (0.99.2-13) unstable; urgency=low
 .
   * debian/control: Conforms with latest Standards Version 3.8.0
   * debian/control: Added 'Homepage' field
   * debian/patches/00_security_fixes: (Closes: #496398)
Checksums-Sha1: 
 c0919a03719bad12e717bf7e1f81427cb4567bce 1088 mon_0.99.2-13.dsc
 1d7fbd7a72a7eab54d95665ccb1dc4cf5d89293e 28159 mon_0.99.2-13.diff.gz
 5a16964ca2a4e6ade32e24b353382b60bbca523e 178634 mon_0.99.2-13_i386.deb
Checksums-Sha256: 
 9c7eadc931f4cc06876333c0ab298bc1641eb56562b87d51d5951d0628be164d 1088 mon_0.99.2-13.dsc
 b62b10892dee34074214a853f4e0ff7fdf32e04d58d3d67f54cdbf476e30aa57 28159 mon_0.99.2-13.diff.gz
 c02189090f4648f32dfb1141a515e63215d1179f9b394ba064ff9df7e4e65e3b 178634 mon_0.99.2-13_i386.deb
Files: 
 776025753be800727a5ec992ec35c2e9 1088 admin extra mon_0.99.2-13.dsc
 99e544f0f03cc77ef01b3d86bb190371 28159 admin extra mon_0.99.2-13.diff.gz
 673558c39a2fdb2bed0441c8bb18c83d 178634 admin extra mon_0.99.2-13_i386.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iEYEARECAAYFAkjH1PsACgkQxRSvjkukAcP7fgCeLEU4U5dNu5QxC3KkcNgEcKdj
nvcAoLJIdk8J0jvp/ilzmJ1jEi+6hRJA
=khkQ
-----END PGP SIGNATURE-----





Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Fri, 24 Oct 2008 07:29:41 GMT) Full text and rfc822 format available.

Send a report that this bug log contains spam.


Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Mon Apr 21 11:07:45 2014; Machine Name: beach.debian.org

Debian Bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.