Package: s390-tools; Maintainer for s390-tools is Debian S/390 Team <debian-s390@lists.debian.org>; Source for s390-tools is src:s390-tools (PTS, buildd, popcon).
Reported by: dann frazier <dannf@debian.org>
Date: Tue, 8 Dec 2015 22:15:06 UTC
Severity: normal
Tags: patch
Found in version s390-tools/1.32.0-1
Report forwarded
to debian-bugs-dist@lists.debian.org, Debian S/390 Team <debian-s390@lists.debian.org>:
Bug#807442; Package s390-tools.
(Tue, 08 Dec 2015 22:15:10 GMT) (full text, mbox, link).
Acknowledgement sent
to dann frazier <dannf@debian.org>:
New Bug report received and forwarded. Copy sent to Debian S/390 Team <debian-s390@lists.debian.org>.
(Tue, 08 Dec 2015 22:15:10 GMT) (full text, mbox, link).
Message #5 received at submit@bugs.debian.org (full text, mbox, reply):
Package: s390-tools
Version: 1.32.0-1
Severity: normal
Tags: patch

The source package provides a dbginfo.sh tool that is not currently included in the binary package.
Information forwarded
to debian-bugs-dist@lists.debian.org, Debian S/390 Team <debian-s390@lists.debian.org>:
Bug#807442; Package s390-tools.
(Tue, 08 Dec 2015 22:21:04 GMT) (full text, mbox, link).
Acknowledgement sent
to dann frazier <dannf@debian.org>:
Extra info received and forwarded to list. Copy sent to Debian S/390 Team <debian-s390@lists.debian.org>.
(Tue, 08 Dec 2015 22:21:04 GMT) (full text, mbox, link).
Message #10 received at 807442@bugs.debian.org (full text, mbox, reply):
[Message part 1 (text/plain, inline)]
Attached.
[add-dbginfo.sh.patch (text/x-diff, attachment)]
Information forwarded
to debian-bugs-dist@lists.debian.org, Debian S/390 Team <debian-s390@lists.debian.org>:
Bug#807442; Package s390-tools.
(Wed, 09 Dec 2015 08:09:03 GMT) (full text, mbox, link).
Acknowledgement sent
to Hendrik Brueckner <brueckner@linux.vnet.ibm.com>:
Extra info received and forwarded to list. Copy sent to Debian S/390 Team <debian-s390@lists.debian.org>.
(Wed, 09 Dec 2015 08:09:03 GMT) (full text, mbox, link).
Message #15 received at 807442@bugs.debian.org (full text, mbox, reply):
Hi Dann, On Tue, Dec 08, 2015 at 03:17:49PM -0700, dann frazier wrote: > Attached. > diff -Nru s390-tools-1.32.0/debian/changelog s390-tools-1.32.0/debian/changelog > --- s390-tools-1.32.0/debian/changelog 2015-10-25 17:12:02.000000000 +0100 > +++ s390-tools-1.32.0/debian/changelog 2015-12-08 23:14:52.000000000 +0100 > @@ -1,3 +1,9 @@ > +s390-tools (1.32.0-2) UNRELEASED; urgency=medium > + > + * Add dbginfo.sh. (Closes: #807442) > + > + -- dann frazier <dannf@debian.org> Tue, 08 Dec 2015 22:33:52 +0100 > + > s390-tools (1.32.0-1) unstable; urgency=medium > > * New upstream release > diff -Nru s390-tools-1.32.0/debian/s390-tools.install s390-tools-1.32.0/debian/s390-tools.install > --- s390-tools-1.32.0/debian/s390-tools.install 2014-07-26 23:59:18.000000000 +0200 > +++ s390-tools-1.32.0/debian/s390-tools.install 2015-12-08 23:08:30.000000000 +0100 > @@ -10,6 +10,10 @@ > /sbin/dasdview > /usr/share/man/man8/dasdview.8 > > +# dbginfo.sh > +/sbin/dbginfo.sh > +/usr/share/man/man1/dbginfo.sh.1 > + > # fdasd > /sbin/fdasd > /usr/share/man/man8/fdasd.8 Thanks for submitting this patch and the lsluns patch as well. I am about to open another bug to include the device-mapper helper for zipl and chreipl as well. They are required for booting from device-mapper devices, for example, LVM, multipath. Thanks and kind regards, Hendrik -- Hendrik Brueckner brueckner@linux.vnet.ibm.com | IBM Deutschland Research & Development GmbH Linux on z Systems Development | Schoenaicher Str. 220, 71032 Boeblingen IBM Deutschland Research & Development GmbH Vorsitzender des Aufsichtsrats: Martina Koederitz Geschaeftsfuehrung: Dirk Wittkopp Sitz der Gesellschaft: Boeblingen Registergericht: Amtsgericht Stuttgart, HRB 243294
Information forwarded
to debian-bugs-dist@lists.debian.org, Debian S/390 Team <debian-s390@lists.debian.org>:
Bug#807442; Package s390-tools.
(Sun, 13 Dec 2015 15:06:08 GMT) (full text, mbox, link).
Message #18 received at 807442@bugs.debian.org (full text, mbox, reply):
[Message part 1 (text/plain, inline)]
On Tue, Dec 08, 2015 at 03:17:49PM -0700, dann frazier wrote: > diff -Nru s390-tools-1.32.0/debian/changelog s390-tools-1.32.0/debian/changelog > --- s390-tools-1.32.0/debian/changelog 2015-10-25 17:12:02.000000000 +0100 > +++ s390-tools-1.32.0/debian/changelog 2015-12-08 23:14:52.000000000 +0100 > @@ -1,3 +1,9 @@ > +s390-tools (1.32.0-2) UNRELEASED; urgency=medium > + > + * Add dbginfo.sh. (Closes: #807442) > + > + -- dann frazier <dannf@debian.org> Tue, 08 Dec 2015 22:33:52 +0100 > + > s390-tools (1.32.0-1) unstable; urgency=medium > > * New upstream release > diff -Nru s390-tools-1.32.0/debian/s390-tools.install s390-tools-1.32.0/debian/s390-tools.install > --- s390-tools-1.32.0/debian/s390-tools.install 2014-07-26 23:59:18.000000000 +0200 > +++ s390-tools-1.32.0/debian/s390-tools.install 2015-12-08 23:08:30.000000000 +0100 > @@ -10,6 +10,10 @@ > /sbin/dasdview > /usr/share/man/man8/dasdview.8 > > +# dbginfo.sh > +/sbin/dbginfo.sh > +/usr/share/man/man1/dbginfo.sh.1 > + > # fdasd > /sbin/fdasd > /usr/share/man/man8/fdasd.8 Three comments: * dbginfo.sh should tell the user that the information in the tarball is sensitive. * The resulting tarball should be 0600 by default. (The script needs to run as root anyway, but placing the result world-readable in /tmp does not seem smart.) * Unless this is expected to be in /sbin, given that it's user invoked and not usually scripted, should this be in /usr/sbin instead? Kind regards and thanks Philipp Kern
[signature.asc (application/pgp-signature, inline)]
Information forwarded
to debian-bugs-dist@lists.debian.org, Debian S/390 Team <debian-s390@lists.debian.org>:
Bug#807442; Package s390-tools.
(Mon, 14 Dec 2015 08:30:05 GMT) (full text, mbox, link).
Acknowledgement sent
to Hendrik Brueckner <brueckner@linux.vnet.ibm.com>:
Extra info received and forwarded to list. Copy sent to Debian S/390 Team <debian-s390@lists.debian.org>.
(Mon, 14 Dec 2015 08:30:06 GMT) (full text, mbox, link).
Message #23 received at 807442@bugs.debian.org (full text, mbox, reply):
[Message part 1 (text/plain, inline)]
Hi Philipp, On Sun, Dec 13, 2015 at 03:50:01PM +0100, Philipp Kern wrote: > On Tue, Dec 08, 2015 at 03:17:49PM -0700, dann frazier wrote: > > diff -Nru s390-tools-1.32.0/debian/changelog s390-tools-1.32.0/debian/changelog > > --- s390-tools-1.32.0/debian/changelog 2015-10-25 17:12:02.000000000 +0100 > > +++ s390-tools-1.32.0/debian/changelog 2015-12-08 23:14:52.000000000 +0100 > > @@ -1,3 +1,9 @@ > > +s390-tools (1.32.0-2) UNRELEASED; urgency=medium > > + > > + * Add dbginfo.sh. (Closes: #807442) > > + > > + -- dann frazier <dannf@debian.org> Tue, 08 Dec 2015 22:33:52 +0100 > > + > > s390-tools (1.32.0-1) unstable; urgency=medium > > > > * New upstream release > > diff -Nru s390-tools-1.32.0/debian/s390-tools.install s390-tools-1.32.0/debian/s390-tools.install > > --- s390-tools-1.32.0/debian/s390-tools.install 2014-07-26 23:59:18.000000000 +0200 > > +++ s390-tools-1.32.0/debian/s390-tools.install 2015-12-08 23:08:30.000000000 +0100 > > @@ -10,6 +10,10 @@ > > /sbin/dasdview > > /usr/share/man/man8/dasdview.8 > > > > +# dbginfo.sh > > +/sbin/dbginfo.sh > > +/usr/share/man/man1/dbginfo.sh.1 > > + > > # fdasd > > /sbin/fdasd > > /usr/share/man/man8/fdasd.8 > > Three comments: > > * dbginfo.sh should tell the user that the information in the tarball > is sensitive. > * The resulting tarball should be 0600 by default. (The script needs > to run as root anyway, but placing the result world-readable in > /tmp does not seem smart.) Thanks for the feedback. I think that sounds good. I put the s390-tools owners for their feedback on CC. > * Unless this is expected to be in /sbin, given that it's user > invoked and not usually scripted, should this be in /usr/sbin > instead? > Kind regards, Hendrik
[Message part 2 (application/pgp-signature, inline)]
Information forwarded
to debian-bugs-dist@lists.debian.org, Debian S/390 Team <debian-s390@lists.debian.org>:
Bug#807442; Package s390-tools.
(Mon, 14 Dec 2015 10:33:03 GMT) (full text, mbox, link).
Acknowledgement sent
to Hendrik Brueckner <brueckner@linux.vnet.ibm.com>:
Extra info received and forwarded to list. Copy sent to Debian S/390 Team <debian-s390@lists.debian.org>.
(Mon, 14 Dec 2015 10:33:03 GMT) (full text, mbox, link).
Message #28 received at 807442@bugs.debian.org (full text, mbox, reply):
[Message part 1 (text/plain, inline)]
On Mon, Dec 14, 2015 at 09:28:08AM +0100, Hendrik Brueckner wrote: > On Sun, Dec 13, 2015 at 03:50:01PM +0100, Philipp Kern wrote: > > On Tue, Dec 08, 2015 at 03:17:49PM -0700, dann frazier wrote: > > > --- s390-tools-1.32.0/debian/s390-tools.install 2014-07-26 23:59:18.000000000 +0200 > > > +++ s390-tools-1.32.0/debian/s390-tools.install 2015-12-08 23:08:30.000000000 +0100 > > > @@ -10,6 +10,10 @@ > > > /sbin/dasdview > > > /usr/share/man/man8/dasdview.8 > > > > > > +# dbginfo.sh > > > +/sbin/dbginfo.sh > > > +/usr/share/man/man1/dbginfo.sh.1 > > > + > > > > * Unless this is expected to be in /sbin, given that it's user > > invoked and not usually scripted, should this be in /usr/sbin > > instead? I am not sure what you exactly mean with "user" invoked. Anyhow, /sbin/ makes sense because the intention of the dbginfo.sh script is to collect system and debugging information. So it is important to have it available early (even before /usr becomes mounted). I would also go further and would suggest to included it in the s390-tools udeb package to be available in the debian installer too. But I would have to check if it runs in the debian installer environment. I could also imagine to integrate it into the installation-report module. Thanks and kind regards, Hendrik
[Message part 2 (application/pgp-signature, inline)]
Information forwarded
to debian-bugs-dist@lists.debian.org, Debian S/390 Team <debian-s390@lists.debian.org>:
Bug#807442; Package s390-tools.
(Fri, 29 Jan 2016 23:18:04 GMT) (full text, mbox, link).
Acknowledgement sent
to dann frazier <dannf@dannf.org>:
Extra info received and forwarded to list. Copy sent to Debian S/390 Team <debian-s390@lists.debian.org>.
(Fri, 29 Jan 2016 23:18:04 GMT) (full text, mbox, link).
Message #33 received at 807442@bugs.debian.org (full text, mbox, reply):
On Mon, Dec 14, 2015 at 11:31:26AM +0100, Hendrik Brueckner wrote: > On Mon, Dec 14, 2015 at 09:28:08AM +0100, Hendrik Brueckner wrote: > > On Sun, Dec 13, 2015 at 03:50:01PM +0100, Philipp Kern wrote: > > > On Tue, Dec 08, 2015 at 03:17:49PM -0700, dann frazier wrote: > > > > --- s390-tools-1.32.0/debian/s390-tools.install 2014-07-26 23:59:18.000000000 +0200 > > > > +++ s390-tools-1.32.0/debian/s390-tools.install 2015-12-08 23:08:30.000000000 +0100 > > > > @@ -10,6 +10,10 @@ > > > > /sbin/dasdview > > > > /usr/share/man/man8/dasdview.8 > > > > > > > > +# dbginfo.sh > > > > +/sbin/dbginfo.sh > > > > +/usr/share/man/man1/dbginfo.sh.1 > > > > + > > > > > > * Unless this is expected to be in /sbin, given that it's user > > > invoked and not usually scripted, should this be in /usr/sbin > > > instead? > > I am not sure what you exactly mean with "user" invoked. I believe that note means that this utility appears to be something that a user would execute in an interactive terminal vs. e.g. a script in early boot. > Anyhow, /sbin/ makes sense because the intention of the dbginfo.sh > script is to collect system and debugging information. So it is > important to have it available early (even before /usr becomes > mounted). While this maybe a theoretical use case, I don't think the script has been designed to run in this environment. As one example, it calls "/usr/bin/id" to check if it is running as root. It also uses the "find" command in a number of places which, at least on Debian systems, is installed in /usr/bin. > I would also go further and would suggest to included it in the > s390-tools udeb package to be available in the debian installer > too. But I would have to check if it runs in the debian installer > environment. I could also imagine to integrate it into the > installation-report module. I'd suggest opening separate bugs for those.
Information forwarded
to debian-bugs-dist@lists.debian.org, Debian S/390 Team <debian-s390@lists.debian.org>:
Bug#807442; Package s390-tools.
(Fri, 29 Jan 2016 23:18:15 GMT) (full text, mbox, link).
Acknowledgement sent
to dann frazier <dannf@debian.org>:
Extra info received and forwarded to list. Copy sent to Debian S/390 Team <debian-s390@lists.debian.org>.
(Fri, 29 Jan 2016 23:18:15 GMT) (full text, mbox, link).
Message #38 received at 807442@bugs.debian.org (full text, mbox, reply):
[Message part 1 (text/plain, inline)]
On Sun, Dec 13, 2015 at 03:50:01PM +0100, Philipp Kern wrote: > On Tue, Dec 08, 2015 at 03:17:49PM -0700, dann frazier wrote: > > diff -Nru s390-tools-1.32.0/debian/changelog s390-tools-1.32.0/debian/changelog > > --- s390-tools-1.32.0/debian/changelog 2015-10-25 17:12:02.000000000 +0100 > > +++ s390-tools-1.32.0/debian/changelog 2015-12-08 23:14:52.000000000 +0100 > > @@ -1,3 +1,9 @@ > > +s390-tools (1.32.0-2) UNRELEASED; urgency=medium > > + > > + * Add dbginfo.sh. (Closes: #807442) > > + > > + -- dann frazier <dannf@debian.org> Tue, 08 Dec 2015 22:33:52 +0100 > > + > > s390-tools (1.32.0-1) unstable; urgency=medium > > > > * New upstream release > > diff -Nru s390-tools-1.32.0/debian/s390-tools.install s390-tools-1.32.0/debian/s390-tools.install > > --- s390-tools-1.32.0/debian/s390-tools.install 2014-07-26 23:59:18.000000000 +0200 > > +++ s390-tools-1.32.0/debian/s390-tools.install 2015-12-08 23:08:30.000000000 +0100 > > @@ -10,6 +10,10 @@ > > /sbin/dasdview > > /usr/share/man/man8/dasdview.8 > > > > +# dbginfo.sh > > +/sbin/dbginfo.sh > > +/usr/share/man/man1/dbginfo.sh.1 > > + > > # fdasd > > /sbin/fdasd > > /usr/share/man/man8/fdasd.8 > > Three comments: > > * dbginfo.sh should tell the user that the information in the tarball > is sensitive. > * The resulting tarball should be 0600 by default. (The script needs > to run as root anyway, but placing the result world-readable in > /tmp does not seem smart.) > * Unless this is expected to be in /sbin, given that it's user > invoked and not usually scripted, should this be in /usr/sbin > instead? Good feedback, thanks Philipp! I've addressed all 3 issues in the attached updated patch.
[add-dbginfo.sh-2.patch (text/x-diff, attachment)]
Information forwarded
to debian-bugs-dist@lists.debian.org, Debian S/390 Team <debian-s390@lists.debian.org>:
Bug#807442; Package s390-tools.
(Thu, 04 Feb 2016 08:39:10 GMT) (full text, mbox, link).
Acknowledgement sent
to Hendrik Brueckner <brueckner@linux.vnet.ibm.com>:
Extra info received and forwarded to list. Copy sent to Debian S/390 Team <debian-s390@lists.debian.org>.
(Thu, 04 Feb 2016 08:39:10 GMT) (full text, mbox, link).
Message #43 received at 807442@bugs.debian.org (full text, mbox, reply):
Hi Dann,
I have CC'ed Wolfgang who takes care of it from a customer service perspective.
Within our team, we received some feedback for your patches that I want to
share with you.
On Fri, Jan 29, 2016 at 04:17:32PM -0700, dann frazier wrote:
> On Sun, Dec 13, 2015 at 03:50:01PM +0100, Philipp Kern wrote:
> > On Tue, Dec 08, 2015 at 03:17:49PM -0700, dann frazier wrote:
> > > diff -Nru s390-tools-1.32.0/debian/changelog s390-tools-1.32.0/debian/changelog
> > > --- s390-tools-1.32.0/debian/changelog 2015-10-25 17:12:02.000000000 +0100
> > > +++ s390-tools-1.32.0/debian/changelog 2015-12-08 23:14:52.000000000 +0100
> > > @@ -1,3 +1,9 @@
> > > +s390-tools (1.32.0-2) UNRELEASED; urgency=medium
> > > +
> > > + * Add dbginfo.sh. (Closes: #807442)
> > > +
> > > + -- dann frazier <dannf@debian.org> Tue, 08 Dec 2015 22:33:52 +0100
> > > +
> > > s390-tools (1.32.0-1) unstable; urgency=medium
> > >
> > > * New upstream release
> > > diff -Nru s390-tools-1.32.0/debian/s390-tools.install s390-tools-1.32.0/debian/s390-tools.install
> > > --- s390-tools-1.32.0/debian/s390-tools.install 2014-07-26 23:59:18.000000000 +0200
> > > +++ s390-tools-1.32.0/debian/s390-tools.install 2015-12-08 23:08:30.000000000 +0100
> > > @@ -10,6 +10,10 @@
> > > /sbin/dasdview
> > > /usr/share/man/man8/dasdview.8
> > >
> > > +# dbginfo.sh
> > > +/sbin/dbginfo.sh
> > > +/usr/share/man/man1/dbginfo.sh.1
> > > +
> > > # fdasd
> > > /sbin/fdasd
> > > /usr/share/man/man8/fdasd.8
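Review bot: The added manual page entry installs dbginfo.sh.1 under man1, while the neighbouring tools in this hunk's context (dasdview, fdasd) ship section 8 pages next to their /sbin binaries. For a tool installed into an sbin directory, consider whether section 8 is the better fit, or add a comment if the section is dictated by the source package.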
> >
> > Three comments:
> >
> > * dbginfo.sh should tell the user that the information in the tarball
> > is sensitive.
> > * The resulting tarball should be 0600 by default. (The script needs
> > to run as root anyway, but placing the result world-readable in
> > /tmp does not seem smart.)
> > * Unless this is expected to be in /sbin, given that it's user
> > invoked and not usually scripted, should this be in /usr/sbin
> > instead?
>
> Good feedback, thanks Philipp! I've addressed all 3 issues in the
> attached updated patch.
> diff -Nru s390-tools-1.32.0/debian/changelog s390-tools-1.32.0/debian/changelog
> --- s390-tools-1.32.0/debian/changelog 2015-12-13 09:50:48.000000000 -0500
> +++ s390-tools-1.32.0/debian/changelog 2016-01-29 12:56:29.000000000 -0500
> @@ -1,3 +1,12 @@
> +s390-tools (1.32.0-3) UNRELEASED; urgency=medium
> +
> + * Add dbginfo.sh. (Closes: #807442, LP: #1539719)
> + - dbginfo.sh-umask.patch: Avoid leaking content to unprivileged users.
> + - dbginfo.sh-warn.patch: Warn users about the sensitivity of the data
> + this tool collects.
> +
> + -- dann frazier <dannf@debian.org> Fri, 29 Jan 2016 12:49:16 -0500
> +
> s390-tools (1.32.0-2) unstable; urgency=medium
>
> [ Hendrik Brueckner ]
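Review bot: The 1.32.0-3 entry lists the two new patches but not the destination change that the s390-tools.install hunk of this same diff makes (`/sbin/dbginfo.sh /usr/sbin`). Add a sub-item for it so the path decision discussed in this bug is recorded in the changelog.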
> diff -Nru s390-tools-1.32.0/debian/patches/dbginfo.sh-umask.patch s390-tools-1.32.0/debian/patches/dbginfo.sh-umask.patch
> --- s390-tools-1.32.0/debian/patches/dbginfo.sh-umask.patch 1969-12-31 19:00:00.000000000 -0500
> +++ s390-tools-1.32.0/debian/patches/dbginfo.sh-umask.patch 2016-01-29 12:21:06.000000000 -0500
> @@ -0,0 +1,16 @@
> +Description: dbginfo.sh: set umask to prevent local leaks of sensitive data
> +Author: dann frazier <dannf@debian.org>
> +Last-Update: 2016-01-29
> +
> +Index: s390-tools-1.32.0/scripts/dbginfo.sh
> +===================================================================
> +--- s390-tools-1.32.0.orig/scripts/dbginfo.sh
> ++++ s390-tools-1.32.0/scripts/dbginfo.sh
> +@@ -12,6 +12,7 @@ export LC_ALL
> + # The general name of this script
> + readonly SCRIPTNAME="${0##*/}"
> +
> ++umask 0077
This is tricky and probably leads to changed permissions that might be useful
to detect permissions problems. Wolfgang and team worked on this topic and
a problem fix will be provided with the next s390-tools version. The idea
here is to change the permission of the directory which will be created to
contain all service data.
> +
> + ########################################
> + # print version info
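Review bot: `umask 0077` at the top of the script only governs files and directories created after that line; it does not tighten an output file or working directory that already exists, and it changes the mode of everything else the script writes as a side effect. Setting the mode explicitly on the output directory and the archive (or creating them with mktemp) would state the intent more precisely. The patch header also carries no Forwarded field, which matters here because the reply above says a fix is planned for the next s390-tools version.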
> diff -Nru s390-tools-1.32.0/debian/patches/dbginfo.sh-warn.patch s390-tools-1.32.0/debian/patches/dbginfo.sh-warn.patch
> --- s390-tools-1.32.0/debian/patches/dbginfo.sh-warn.patch 1969-12-31 19:00:00.000000000 -0500
> +++ s390-tools-1.32.0/debian/patches/dbginfo.sh-warn.patch 2016-01-29 12:32:51.000000000 -0500
> @@ -0,0 +1,38 @@
> +Description: dbginfo.sh: Sensitivity training
> + Warn users that the archive this tool generates contains sensitive data,
> + and give them an opportunity to exit.
> +Author: dann frazier <dannf@debian.org>
> +Last-Update: 2016-01-29
> +
> +Index: s390-tools-1.32.0/scripts/dbginfo.sh
> +===================================================================
> +--- s390-tools-1.32.0.orig/scripts/dbginfo.sh
> ++++ s390-tools-1.32.0/scripts/dbginfo.sh
> +@@ -71,6 +71,27 @@ if test "$(/usr/bin/id -u 2>/dev/null)"
> + exit 1
> + fi
> +
> ++echo "!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!"
> ++echo " Warning: The archive created by this utility will contain sensitive"
> ++echo " information including, but not limited to:"
> ++echo " - configuration files"
> ++echo " - log files"
> ++echo " - hardware state information"
> ++echo " - running process state and command line arguments"
> ++echo "!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!"
> ++echo ""
> ++echo -n " Do you wish to continue? [y/N]> "
> ++read resp
> ++case "$resp" in
> ++ y|Y)
> ++ :
> ++ ;;
> ++ *)
> ++ echo "OK, exiting."
> ++ exit 0
> ++esac
The dbginfo.sh must be started as root and typically whoever acts as root
should know what it does... if not, well, it should not be root ;-)
Also keep in mind that the dbginfo.sh is called from within other programs
that are non-interactive.
For clarity, what exactly do you understand by "sensitive" data? dbginfo.sh
does not collect files that contain passwords. If you think that dbginfo.sh
includes password-sensitive data, feel free to report the problem to us.
> ++
> ++
> + #######################################
> + # Parsing the command line
> + #
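Review bot: In the `case "$resp"` block, every answer other than y or Y, including the empty string that `read resp` leaves when stdin is at end of file, takes the `*)` branch and runs `exit 0`. A scripted caller then sees a success status although no archive was produced. Guard the prompt with a terminal check such as `[ -t 0 ]` and exit non-zero when the user declines; `read -r` and `printf` in place of `echo -n` would also avoid shell-dependent behaviour.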
> diff -Nru s390-tools-1.32.0/debian/patches/series s390-tools-1.32.0/debian/patches/series
> --- s390-tools-1.32.0/debian/patches/series 2015-12-13 09:41:14.000000000 -0500
> +++ s390-tools-1.32.0/debian/patches/series 2016-01-29 12:21:21.000000000 -0500
> @@ -6,3 +6,5 @@
> zipl-optional.patch
> disable.patch
> sg3-utils.patch
> +dbginfo.sh-umask.patch
> +dbginfo.sh-warn.patch
> diff -Nru s390-tools-1.32.0/debian/s390-tools.install s390-tools-1.32.0/debian/s390-tools.install
> --- s390-tools-1.32.0/debian/s390-tools.install 2015-12-13 09:47:24.000000000 -0500
> +++ s390-tools-1.32.0/debian/s390-tools.install 2016-01-29 12:40:00.000000000 -0500
> @@ -10,6 +10,10 @@
> /sbin/dasdview
> /usr/share/man/man8/dasdview.8
>
> +# dbginfo.sh
> +/sbin/dbginfo.sh /usr/sbin
> +/usr/share/man/man1/dbginfo.sh.1
> +
> # fdasd
> /sbin/fdasd
> /usr/share/man/man8/fdasd.8
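Review bot: `/sbin/dbginfo.sh /usr/sbin` is the only entry in this hunk that uses the two-field source/destination form, and nothing in the file says why it differs from dasdview and fdasd, which stay in /sbin. Extend the `# dbginfo.sh` comment with the reason (the thread notes that the script calls /usr/bin/id and find) so the deviation is not later reverted by mistake.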
Thanks and kind regards,
Hendrik
--
Hendrik Brueckner
brueckner@linux.vnet.ibm.com | IBM Deutschland Research & Development GmbH
Linux on z Systems Development | Schoenaicher Str. 220, 71032 Boeblingen
IBM Deutschland Research & Development GmbH
Vorsitzender des Aufsichtsrats: Martina Koederitz
Geschaeftsfuehrung: Dirk Wittkopp
Sitz der Gesellschaft: Boeblingen
Registergericht: Amtsgericht Stuttgart, HRB 243294
Information forwarded
to debian-bugs-dist@lists.debian.org, Debian S/390 Team <debian-s390@lists.debian.org>:
Bug#807442; Package s390-tools.
(Thu, 04 Feb 2016 20:33:03 GMT) (full text, mbox, link).
Acknowledgement sent
to dann frazier <dannf@debian.org>:
Extra info received and forwarded to list. Copy sent to Debian S/390 Team <debian-s390@lists.debian.org>.
(Thu, 04 Feb 2016 20:33:03 GMT) (full text, mbox, link).
Message #48 received at 807442@bugs.debian.org (full text, mbox, reply):
On Thu, Feb 04, 2016 at 09:35:13AM +0100, Hendrik Brueckner wrote:
> Hi Dann,
>
> I have CC'ed Wolfgang who takes care of it from a customer service perspective.
> Within our team, we received some feedback for your patches that I want to
> share with you.
>
> On Fri, Jan 29, 2016 at 04:17:32PM -0700, dann frazier wrote:
> > On Sun, Dec 13, 2015 at 03:50:01PM +0100, Philipp Kern wrote:
> > > On Tue, Dec 08, 2015 at 03:17:49PM -0700, dann frazier wrote:
> > > > diff -Nru s390-tools-1.32.0/debian/changelog s390-tools-1.32.0/debian/changelog
> > > > --- s390-tools-1.32.0/debian/changelog 2015-10-25 17:12:02.000000000 +0100
> > > > +++ s390-tools-1.32.0/debian/changelog 2015-12-08 23:14:52.000000000 +0100
> > > > @@ -1,3 +1,9 @@
> > > > +s390-tools (1.32.0-2) UNRELEASED; urgency=medium
> > > > +
> > > > + * Add dbginfo.sh. (Closes: #807442)
> > > > +
> > > > + -- dann frazier <dannf@debian.org> Tue, 08 Dec 2015 22:33:52 +0100
> > > > +
> > > > s390-tools (1.32.0-1) unstable; urgency=medium
> > > >
> > > > * New upstream release
> > > > diff -Nru s390-tools-1.32.0/debian/s390-tools.install s390-tools-1.32.0/debian/s390-tools.install
> > > > --- s390-tools-1.32.0/debian/s390-tools.install 2014-07-26 23:59:18.000000000 +0200
> > > > +++ s390-tools-1.32.0/debian/s390-tools.install 2015-12-08 23:08:30.000000000 +0100
> > > > @@ -10,6 +10,10 @@
> > > > /sbin/dasdview
> > > > /usr/share/man/man8/dasdview.8
> > > >
> > > > +# dbginfo.sh
> > > > +/sbin/dbginfo.sh
> > > > +/usr/share/man/man1/dbginfo.sh.1
> > > > +
> > > > # fdasd
> > > > /sbin/fdasd
> > > > /usr/share/man/man8/fdasd.8
> > >
> > > Three comments:
> > >
> > > * dbginfo.sh should tell the user that the information in the tarball
> > > is sensitive.
> > > * The resulting tarball should be 0600 by default. (The script needs
> > > to run as root anyway, but placing the result world-readable in
> > > /tmp does not seem smart.)
> > > * Unless this is expected to be in /sbin, given that it's user
> > > invoked and not usually scripted, should this be in /usr/sbin
> > > instead?
> >
> > Good feedback, thanks Philipp! I've addressed all 3 issues in the
> > attached updated patch.
>
> > diff -Nru s390-tools-1.32.0/debian/changelog s390-tools-1.32.0/debian/changelog
> > --- s390-tools-1.32.0/debian/changelog 2015-12-13 09:50:48.000000000 -0500
> > +++ s390-tools-1.32.0/debian/changelog 2016-01-29 12:56:29.000000000 -0500
> > @@ -1,3 +1,12 @@
> > +s390-tools (1.32.0-3) UNRELEASED; urgency=medium
> > +
> > + * Add dbginfo.sh. (Closes: #807442, LP: #1539719)
> > + - dbginfo.sh-umask.patch: Avoid leaking content to unprivileged users.
> > + - dbginfo.sh-warn.patch: Warn users about the sensitivity of the data
> > + this tool collects.
> > +
> > + -- dann frazier <dannf@debian.org> Fri, 29 Jan 2016 12:49:16 -0500
> > +
> > s390-tools (1.32.0-2) unstable; urgency=medium
> >
> > [ Hendrik Brueckner ]
> > diff -Nru s390-tools-1.32.0/debian/patches/dbginfo.sh-umask.patch s390-tools-1.32.0/debian/patches/dbginfo.sh-umask.patch
> > --- s390-tools-1.32.0/debian/patches/dbginfo.sh-umask.patch 1969-12-31 19:00:00.000000000 -0500
> > +++ s390-tools-1.32.0/debian/patches/dbginfo.sh-umask.patch 2016-01-29 12:21:06.000000000 -0500
> > @@ -0,0 +1,16 @@
> > +Description: dbginfo.sh: set umask to prevent local leaks of sensitive data
> > +Author: dann frazier <dannf@debian.org>
> > +Last-Update: 2016-01-29
> > +
> > +Index: s390-tools-1.32.0/scripts/dbginfo.sh
> > +===================================================================
> > +--- s390-tools-1.32.0.orig/scripts/dbginfo.sh
> > ++++ s390-tools-1.32.0/scripts/dbginfo.sh
> > +@@ -12,6 +12,7 @@ export LC_ALL
> > + # The general name of this script
> > + readonly SCRIPTNAME="${0##*/}"
> > +
> > ++umask 0077
>
> This is tricky and probably leads to changed permissions that might be useful
> to detect permissions problems. Wolfgang and team worked on this topic and
> a problem fix will be provided with the next s390-tools version. The idea
> here is to change the permission of the directory which will be created to
> contain all service data.
OK.
> > +
> > + ########################################
> > + # print version info
> > diff -Nru s390-tools-1.32.0/debian/patches/dbginfo.sh-warn.patch s390-tools-1.32.0/debian/patches/dbginfo.sh-warn.patch
> > --- s390-tools-1.32.0/debian/patches/dbginfo.sh-warn.patch 1969-12-31 19:00:00.000000000 -0500
> > +++ s390-tools-1.32.0/debian/patches/dbginfo.sh-warn.patch 2016-01-29 12:32:51.000000000 -0500
> > @@ -0,0 +1,38 @@
> > +Description: dbginfo.sh: Sensitivity training
> > + Warn users that the archive this tool generates contains sensitive data,
> > + and give them an opportunity to exit.
> > +Author: dann frazier <dannf@debian.org>
> > +Last-Update: 2016-01-29
> > +
> > +Index: s390-tools-1.32.0/scripts/dbginfo.sh
> > +===================================================================
> > +--- s390-tools-1.32.0.orig/scripts/dbginfo.sh
> > ++++ s390-tools-1.32.0/scripts/dbginfo.sh
> > +@@ -71,6 +71,27 @@ if test "$(/usr/bin/id -u 2>/dev/null)"
> > + exit 1
> > + fi
> > +
> > ++echo "!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!"
> > ++echo " Warning: The archive created by this utility will contain sensitive"
> > ++echo " information including, but not limited to:"
> > ++echo " - configuration files"
> > ++echo " - log files"
> > ++echo " - hardware state information"
> > ++echo " - running process state and command line arguments"
> > ++echo "!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!"
> > ++echo ""
> > ++echo -n " Do you wish to continue? [y/N]> "
> > ++read resp
> > ++case "$resp" in
> > ++ y|Y)
> > ++ :
> > ++ ;;
> > ++ *)
> > ++ echo "OK, exiting."
> > ++ exit 0
> > ++esac
>
> The dbginfo.sh must be started as root and typically whoever acts as root
> should know what it does... if not, well, it should not be root ;-)
Hi Hendrik,
I don't know that we can expect every user with root privileges to
know what /this/ tool does. Certainly they could inspect the tarball
before distributing it - but it is quite a bit of data for someone who
may be urgently trying to get a fix for their system. I personally
don't see the harm in a "hey buddy, watch what you do with this"
message - it may make someone rethink e.g. putting it on a public
webserver vs. finding a secure transport mechanism to their support
org.
> Also keep in mind that the dbginfo.sh is called from within other programs
> that are non-interactive.
Yeah - my thought there was that we could add a commandline argument
to tell it to run in non-interactive mode. I omitted that in
this patch because I didn't want to introduce an argument that may
later conflict (or differ) with something upstream.
But, on further thought, I can see why adding such a facility would
be a problem for existing users. If they already have this scripted,
an update shouldn't start making those scripts go interactive.
Perhaps we could just emit a warning at the very end of the output?
> For clarity, what exactly do you understand by "sensitive" data? dbginfo.sh
> does not collect files that contain passwords. If you think that dbginfo.sh
> includes password-sensitive data, feel free to report the problem to us.
What a user considers sensitive will vary from user to user. I won't
argue that dbginfo.sh should stop collecting anything that may be
perceived as sensitive - that would only limit its value as a debug
tool.
But, since you asked, some examples of things that *I* would consider
sensitive (but certainly useful for debug) are:
- firewall configuration/iptables (oh, look at that open port!)
- SW versions (oh, they're running a kernel w/ a known vulnerability!)
- Network config (oh, that's the DNS server to target for MITM!)
- The list of running processes (oh - CorpFoo uses BlahDB!)
-dann
>
> > ++
> > ++
> > + #######################################
> > + # Parsing the command line
> > + #
> > diff -Nru s390-tools-1.32.0/debian/patches/series s390-tools-1.32.0/debian/patches/series
> > --- s390-tools-1.32.0/debian/patches/series 2015-12-13 09:41:14.000000000 -0500
> > +++ s390-tools-1.32.0/debian/patches/series 2016-01-29 12:21:21.000000000 -0500
> > @@ -6,3 +6,5 @@
> > zipl-optional.patch
> > disable.patch
> > sg3-utils.patch
> > +dbginfo.sh-umask.patch
> > +dbginfo.sh-warn.patch
> > diff -Nru s390-tools-1.32.0/debian/s390-tools.install s390-tools-1.32.0/debian/s390-tools.install
> > --- s390-tools-1.32.0/debian/s390-tools.install 2015-12-13 09:47:24.000000000 -0500
> > +++ s390-tools-1.32.0/debian/s390-tools.install 2016-01-29 12:40:00.000000000 -0500
> > @@ -10,6 +10,10 @@
> > /sbin/dasdview
> > /usr/share/man/man8/dasdview.8
> >
> > +# dbginfo.sh
> > +/sbin/dbginfo.sh /usr/sbin
> > +/usr/share/man/man1/dbginfo.sh.1
> > +
> > # fdasd
> > /sbin/fdasd
> > /usr/share/man/man8/fdasd.8
>
> Thanks and kind regards,
> Hendrik
>
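The two concerns raised in this thread, a collected archive that other local users cannot read and a sensitivity notice that does not block non-interactive callers, shown as an added shell example that is not from s390-tools or from the patches above. The names `sensitivity_notice`, `collect_private`, `mode_of` and `demo`, the file names and the sample data are hypothetical.

```shell
#!/bin/sh
# Added example: not taken from s390-tools or from the patches in this bug.
# Function names, file names and the sample data are hypothetical.

# Print the sensitivity notice on stderr. Prompt only when stdin is a
# terminal, so programs that call the collector non-interactively never block.
# Returns 0 to continue, 1 if an interactive user declined.
sensitivity_notice() {
    cat >&2 <<'EOF'
Warning: the archive will contain sensitive information, including
configuration files, log files, hardware state and process command lines.
Transfer it only over a channel you trust.
EOF
    if [ -t 0 ]; then
        printf 'Do you wish to continue? [y/N]> ' >&2
        read -r resp || return 1
        case "$resp" in
            y|Y) return 0 ;;
            *)   return 1 ;;
        esac
    fi
    return 0
}

# Archive directory $1 into a fresh private directory below $2 and print the
# path of the tarball. The directory is 0700 and the tarball 0600 whatever
# umask the caller runs with.
collect_private() {
    src=$1
    outbase=$2
    (
        umask 0077          # subshell: the caller's umask is left untouched
        # mktemp -d creates a new, randomly named directory with mode 0700
        # and never adopts an existing one, which matters in a shared /tmp.
        workdir=$(mktemp -d "$outbase/dbginfo-example.XXXXXX") || exit 1
        out=$workdir/collected.tgz
        tar -C "$src" -czf "$out" . || { rm -rf "$workdir"; exit 1; }
        chmod 0600 "$out"   # explicit, in case the umask line is ever dropped
        printf '%s\n' "$out"
    )
}

# Symbolic mode string (first ten characters of ls -ld) for a path.
mode_of() {
    ls -ld "$1" | cut -c1-10
}

# Demo with constructed sample data; stdin is /dev/null to mimic a
# non-interactive caller.
demo() {
    base=$(mktemp -d "${TMPDIR:-/tmp}/dbginfo-demo.XXXXXX") || return 1
    mkdir "$base/data" "$base/out"
    printf 'constructed sample line\n' > "$base/data/sample.log"
    sensitivity_notice </dev/null || { rm -rf "$base"; return 1; }
    tarball=$(collect_private "$base/data" "$base/out") \
        || { rm -rf "$base"; return 1; }
    printf '%s %s\n' "$(mode_of "$tarball")" "$(mode_of "${tarball%/*}")"
    rm -rf "$base"
}

demo
```

Running the umask change in a subshell keeps it from affecting anything else the calling script writes, which is the side effect the maintainer's reply is concerned about.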