Your message dated Wed, 17 Oct 2018 23:05:46 +0000
with message-id <[email protected]>
and subject line Bug#695157: fixed in sed 4.5-2
has caused the Debian Bug report #695157,
regarding sed: --in-place (or -i) changes permissions on a file with ACLs applied
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)

--
695157: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=695157
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: sed
Version: 4.2.1-10
Severity: normal

It appears that sed -i tampers with the permissions on a file that has
ACLs in place. Below is an example of it granting group read access
to a given file (and revoking read access to another user):

0 dkg@pip:/srv/dkg$ getfacl test
# file: test
# owner: dkg
# group: adm
user::rw-
user:wt215:r--
group::---
mask::r--
other::---

0 dkg@pip:/srv/dkg$ sed -i 's/foo/bar/' test
0 dkg@pip:/srv/dkg$ getfacl test
# file: test
# owner: dkg
# group: adm
user::rw-
group::r--
other::---

0 dkg@pip:/srv/dkg$

This is potentially a security concern, if sed causes data to be
exposed to users or groups that should not have read access to it.

Consider, for example, a configuration file owned by user X that
contains a secret authentication token. If X has granted read access
to another user, and refused it for everyone else, and X then modifies
the config file with sed -i, it could leak the authentication token.

   --dkg

-- System Information:
Debian Release: wheezy/sid
  APT prefers testing
  APT policy: (500, 'testing'), (200, 'unstable'), (1, 'experimental')
Architecture: i386 (i686)

Kernel: Linux 3.2.0-4-686-pae (SMP w/1 CPU core)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages sed depends on:
ii  dpkg          1.16.9
ii  install-info  4.13a.dfsg.1-10
ii  libc6         2.13-37
ii  libselinux1   2.1.9-5

sed recommends no packages.

sed suggests no packages.

-- no debconf information
--- End Message ---
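
Added example (not part of the bug report and not sed's code): a Python sketch that parses the two getfacl listings quoted in the report, applies the ACL mask to get each principal's effective permissions, and reports who gained or lost access across the in-place edit. The function names are this example's own, and group membership is not modelled.

```python
import re

# The two getfacl listings from the report: before and after `sed -i`.
BEFORE = ("# file: test\n# owner: dkg\n# group: adm\n"
          "user::rw-\nuser:wt215:r--\ngroup::---\nmask::r--\nother::---\n")
AFTER = ("# file: test\n# owner: dkg\n# group: adm\n"
         "user::rw-\ngroup::r--\nother::---\n")

def effective(listing):
    """Map each principal in a getfacl listing to its effective permissions."""
    meta, entries, mask = {}, {}, None
    for line in listing.splitlines():
        m = re.match(r"# (owner|group): (\S+)", line)
        if m:
            meta[m.group(1)] = m.group(2)
        body = line.split("#")[0].strip()   # drop comments such as "#effective:"
        if not body:
            continue
        tag, name, perms = body.split(":")[:3]
        bits = set(perms[:3]) - {"-"}
        if tag == "mask":
            mask = bits
        else:
            entries[(tag, name)] = bits
    result = {}
    for (tag, name), bits in entries.items():
        # The mask caps named users, the owning group and named groups,
        # never the file owner or "other".
        if mask is not None and (tag == "group" or (tag == "user" and name)):
            bits = bits & mask
        who = name or meta.get("owner" if tag == "user" else tag, "")
        result["other" if tag == "other" else f"{tag}:{who}"] = "".join(sorted(bits))
    return result

def access_changes(before, after):
    """Return {principal: (old, new)} for every principal whose access changed."""
    b, a = effective(before), effective(after)
    changes = {}
    for p in sorted(set(b) | set(a)):
        # A principal with no entry of its own falls through to "other"
        # (group membership is not modelled in this example).
        old, new = b.get(p, b.get("other", "")), a.get(p, a.get("other", ""))
        if old != new:
            changes[p] = (old, new)
    return changes

if __name__ == "__main__":
    for who, (old, new) in access_changes(BEFORE, AFTER).items():
        print(f"{who}: {old or '-'} -> {new or '-'}")
```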
--- Begin Message ---
Source: sed
Source-Version: 4.5-2

We believe that the bug you reported is fixed in the latest version of
sed, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Clint Adams <[email protected]> (supplier of updated sed package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Wed, 17 Oct 2018 18:39:10 -0400
Source: sed
Binary: sed
Architecture: source
Version: 4.5-2
Distribution: unstable
Urgency: medium
Maintainer: Clint Adams <[email protected]>
Changed-By: Clint Adams <[email protected]>
Description:
 sed        - GNU stream editor for filtering/transforming text
Closes: 695157
Changes:
 sed (4.5-2) unstable; urgency=medium
 .
   * Enable ACL support, thanks to Sven Joachim. closes: #695157.
   * Set packager to Debian.
--- End Message ---

