Debian Bug report logs - #654262
lio-utils: debug is enabled by default, allowing symlink attacks


Package: lio-utils; Maintainer for lio-utils is Ritesh Raj Sarraf <rrs@debian.org>; Source for lio-utils is src:lio-utils.

Reported by: Aurelien Jarno <aurel32@debian.org>

Date: Mon, 2 Jan 2012 16:15:02 UTC

Severity: normal

Tags: patch, security

Found in version lio-utils/3.1+git0.91b96103-2

Fixed in version lio-utils/3.1+git2.fd0b34fd-1

Done: Ritesh Raj Sarraf <rrs@debian.org>

Bug is archived. No further changes may be made.



Report forwarded to debian-bugs-dist@lists.debian.org, Ritesh Raj Sarraf <rrs@debian.org>:
Bug#654262; Package lio-utils. (Mon, 02 Jan 2012 16:15:05 GMT)

Acknowledgement sent to Aurelien Jarno <aurel32@debian.org>:
New Bug report received and forwarded. Copy sent to Ritesh Raj Sarraf <rrs@debian.org>. (Mon, 02 Jan 2012 16:15:05 GMT)

Message #5 received at submit@bugs.debian.org:

From: Aurelien Jarno <aurel32@debian.org>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: lio-utils: debug is enabled by default, allowing symlink attacks
Date: Mon, 02 Jan 2012 17:10:37 +0100
Package: lio-utils
Version: 3.1+git0.91b96103-2
Severity: normal
Tags: patch security

/etc/init.d/target contains the following code:

| #########################################################################
| # Allows saving command & arguments into a file for subsequent debugging
| # Enable: Set DEBUG=1    Disable: Set DEBUG=0
|
| DEBUG=0
| LOGFILE=/tmp/tgtctl.dbug
|
| if [ $DEBUG ]; then
|         echo "$0 $*" >> $LOGFILE
| fi
| #########################################################################

The test on the debug is wrong, so the test is always valid. This causes
DEBUG to be enabled by default, and given the filename is fixed and the
file located in /tmp, it can be used for a symlink attack.

The test should be replaced by:

| if [ $DEBUG != 0 ]; then


-- System Information:
Debian Release: wheezy/sid
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)

Kernel: Linux 3.1.0-1-amd64 (SMP w/4 CPU cores)
Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash
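The following is an added example written for this bug log; it is not code from lio-utils or from the reporter. It reproduces the root cause (`[ $DEBUG ]` is a non-empty-string test, so `DEBUG=0` still passes), shows the corrected comparison with quoting, and adds a small logging helper that refuses to append through a symlink or to a file owned by someone else. The function names, the `safe_debug_log` helper and the temporary log path are assumptions for the demonstration; the real fix for a fixed name under `/tmp` is to log into a directory that other users cannot write to, and the checks here are only a second line of defence.

```shell
#!/bin/sh
# Added example for Debian bug #654262; not code from lio-utils.
# Function names and the temp log path below are constructed for the demo.

# Mirrors the original guard: `[ "0" ]` asks "is this string non-empty?",
# so it succeeds for DEBUG=0 exactly as it does for DEBUG=1.
original_guard() {
    DEBUG=$1
    if [ $DEBUG ]; then echo enabled; else echo disabled; fi
}

# Corrected guard: compare against 0 explicitly, quoted, with a default so
# an unset or empty DEBUG still parses and counts as "off".
fixed_guard() {
    DEBUG=$1
    if [ "${DEBUG:-0}" != "0" ]; then echo enabled; else echo disabled; fi
}

# Append one line to a debug log only when debugging is enabled.
#   $1 = DEBUG value, $2 = log file, $3 = text to log
# Prints "skipped" (debug off), "refused" (path is a symlink or owned by
# another user) or "written". A predictable world-writable path such as
# /tmp/tgtctl.dbug is what lets a symlink redirect the append elsewhere;
# these checks still leave a check-then-write window, so the log directory
# itself should not be writable by untrusted users.
safe_debug_log() {
    _debug=$1; _file=$2; _text=$3
    if [ "${_debug:-0}" = "0" ]; then
        echo skipped
        return 0
    fi
    if [ -L "$_file" ]; then
        echo refused
        return 1
    fi
    if [ -e "$_file" ] && [ ! -O "$_file" ]; then
        echo refused
        return 1
    fi
    printf '%s\n' "$_text" >> "$_file" && echo written
}

# Usage demo on a constructed private directory (run: sh this_file.sh).
demo() {
    _dir=$(mktemp -d) || return 1
    echo "DEBUG=0  original guard: $(original_guard 0)  fixed guard: $(fixed_guard 0)"
    echo "append to fresh file:  $(safe_debug_log 1 "$_dir/tgtctl.dbug" "$0 start")"
    ln -s /dev/null "$_dir/planted.dbug"
    echo "append through symlink: $(safe_debug_log 1 "$_dir/planted.dbug" "$0 start")"
    rm -rf "$_dir"
}
```

`original_guard 0` prints `enabled`, which is the behaviour the report describes; `fixed_guard 0` prints `disabled`. The symlink refusal in `safe_debug_log` relies on `test -L` and `test -O`, which dash and bash both provide.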




Reply sent to Ritesh Raj Sarraf <rrs@debian.org>:
You have taken responsibility. (Tue, 15 May 2012 13:21:37 GMT)

Notification sent to Aurelien Jarno <aurel32@debian.org>:
Bug acknowledged by developer. (Tue, 15 May 2012 13:21:42 GMT)

Message #10 received at 654262-close@bugs.debian.org:

From: Ritesh Raj Sarraf <rrs@debian.org>
To: 654262-close@bugs.debian.org
Subject: Bug#654262: fixed in lio-utils 3.1+git2.fd0b34fd-1
Date: Tue, 15 May 2012 13:19:32 +0000
Source: lio-utils
Source-Version: 3.1+git2.fd0b34fd-1

We believe that the bug you reported is fixed in the latest version of
lio-utils, which is due to be installed in the Debian FTP archive:

lio-utils_3.1+git2.fd0b34fd-1.debian.tar.gz
  to main/l/lio-utils/lio-utils_3.1+git2.fd0b34fd-1.debian.tar.gz
lio-utils_3.1+git2.fd0b34fd-1.dsc
  to main/l/lio-utils/lio-utils_3.1+git2.fd0b34fd-1.dsc
lio-utils_3.1+git2.fd0b34fd-1_amd64.deb
  to main/l/lio-utils/lio-utils_3.1+git2.fd0b34fd-1_amd64.deb
lio-utils_3.1+git2.fd0b34fd.orig.tar.gz
  to main/l/lio-utils/lio-utils_3.1+git2.fd0b34fd.orig.tar.gz



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 654262@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Ritesh Raj Sarraf <rrs@debian.org> (supplier of updated lio-utils package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Tue, 15 May 2012 17:54:48 +0530
Source: lio-utils
Binary: lio-utils
Architecture: source amd64
Version: 3.1+git2.fd0b34fd-1
Distribution: unstable
Urgency: low
Maintainer: Ritesh Raj Sarraf <rrs@debian.org>
Changed-By: Ritesh Raj Sarraf <rrs@debian.org>
Description: 
 lio-utils  - configuration tool for LIO core target
Closes: 652052 654262
Changes: 
 lio-utils (3.1+git2.fd0b34fd-1) unstable; urgency=low
 .
   * [2dcd774] Add README.source
   * [074e1fc] Imported Upstream version 3.1+git2.fd0b34fd
     (Closes: #654262, #652052)
   * [b84f9ac] Fix debian/copyright to comply to format 1.0
   * [ff79fe6] Add patch shell-script-header.patch to define header for
     shell scripts
Checksums-Sha1: 
 d0d70069ec04715f3631d627d007de367d030590 1996 lio-utils_3.1+git2.fd0b34fd-1.dsc
 c711f7e3bdf2be716d4cfc9fcfb1a6b4d9132ec3 116670 lio-utils_3.1+git2.fd0b34fd.orig.tar.gz
 0cae98e7af874f17800ba398506aea5d05e5209e 3421 lio-utils_3.1+git2.fd0b34fd-1.debian.tar.gz
 0c119cfce81bcfe0ff27e49e86e6c47d356ac913 104006 lio-utils_3.1+git2.fd0b34fd-1_amd64.deb
Checksums-Sha256: 
 16de9754f02969942abf8adee12597001734235b19c6bb938e5b1f3312c3cfb3 1996 lio-utils_3.1+git2.fd0b34fd-1.dsc
 fadff465d32e076a6b9dfde3bbf48319f11de209ce0f186795f9cb40137ad8f2 116670 lio-utils_3.1+git2.fd0b34fd.orig.tar.gz
 f7cd4f8e2db89cb0eefaf150afa6782af75682b5aca9570fa51d03ea2b18bcf5 3421 lio-utils_3.1+git2.fd0b34fd-1.debian.tar.gz
 cb6777896310cf096c061e966e4411c8847d3b1107cd9bab280bb6e5fbd73fdb 104006 lio-utils_3.1+git2.fd0b34fd-1_amd64.deb
Files: 
 1af045d93ba0ae89665258af8ea53f59 1996 python optional lio-utils_3.1+git2.fd0b34fd-1.dsc
 fccea9937e3b2d52644135d5f2dba51c 116670 python optional lio-utils_3.1+git2.fd0b34fd.orig.tar.gz
 e18ee1fcd02ece57678aacd9c5a24054 3421 python optional lio-utils_3.1+git2.fd0b34fd-1.debian.tar.gz
 f9832af4b867e272108bb3b1a65aec06 104006 python optional lio-utils_3.1+git2.fd0b34fd-1_amd64.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
-----END PGP SIGNATURE-----





Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Sat, 23 Jun 2012 07:47:14 GMT)



Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Fri Apr 18 14:27:58 2014; Machine Name: beach.debian.org

Debian Bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.