Package: etckeeper
Version: 0.48
Severity: normal
Running "etckeeper init" on a checkout of a git repository managed by
etckeeper chokes on file names containing special characters:
sascha.silbe@twin:/tmp/sascha_silbe/tmpbox.7kmjhKHhbT$ git clone
flatty:git/etc-xo15-sascha
Cloning into etc-xo15-sascha...
remote: Counting objects: 4131, done.
remote: Compressing objects: 100% (3107/3107), done.
remote: Total 4131 (delta 1222), reused 2320 (delta 307)
Receiving objects: 100% (4131/4131), 1.37 MiB | 669 KiB/s, done.
Resolving deltas: 100% (1222/1222), done.
sascha.silbe@twin:/tmp/sascha_silbe/tmpbox.7kmjhKHhbT$ cd etc-xo15-sascha/
sascha.silbe@twin:/tmp/sascha_silbe/tmpbox.7kmjhKHhbT/etc-xo15-sascha$ sudo
etckeeper init -d .
[: 1: ./NetworkManager/system-connections/AdHoc: unexpected operator
[: 1: ./NetworkManager/system-connections/Auto: unexpected operator
[: 1: ./NetworkManager/system-connections/Auto: unexpected operator
[: 1: ./NetworkManager/system-connections/Auto: unexpected operator
sascha.silbe@twin:/tmp/sascha_silbe/tmpbox.7kmjhKHhbT/etc-xo15-sascha$ sudo sh
-x $(which etckeeper) init -d .
[...]
+ /etc/etckeeper/init.d/10restore-metadata
+ /etc/etckeeper/init.d/20restore-etckeeper
[: 1: ./NetworkManager/system-connections/AdHoc: unexpected operator
[: 1: ./NetworkManager/system-connections/Auto: unexpected operator
[: 1: ./NetworkManager/system-connections/Auto: unexpected operator
[: 1: ./NetworkManager/system-connections/Auto: unexpected operator
+ /etc/etckeeper/init.d/40vcs-init
+ /etc/etckeeper/init.d/50vcs-ignore
+ /etc/etckeeper/init.d/50vcs-perm
+ /etc/etckeeper/init.d/50vcs-pre-commit-hook
+ /etc/etckeeper/init.d/60darcs-deleted-symlinks
+ /etc/etckeeper/init.d/70vcs-add
sascha.silbe@twin:/tmp/sascha_silbe/tmpbox.7kmjhKHhbT/etc-xo15-sascha$ grep
system-connections .etckeeper
maybe chmod 600 './NetworkManager/system-connections/AdHoc for Sugar Ch1'
maybe chmod 600 './NetworkManager/system-connections/Auto 802.1x'
maybe chmod 600 './NetworkManager/system-connections/Auto FRITZ!Box Fon WLAN
7270'
maybe chmod 600 './NetworkManager/system-connections/Auto Sinus W 500V'
maybe chmod 600 './NetworkManager/system-connections/Caspar'
maybe chmod 600 './NetworkManager/system-connections/DHCP'
maybe chmod 600 './NetworkManager/system-connections/link-local'
sascha.silbe@twin:/tmp/sascha_silbe/tmpbox.7kmjhKHhbT/etc-xo15-sascha$
Because the files in question were written by NetworkManager, there's a
chance for privilege escalation. However it doesn't happen automatically
in the default set-up ("etckeeper init" isn't usually run on an existing
checkout) and only users that are allowed to configure NetworkManager
system connections are able to exploit it, so I'll leave it up to you
to decide on the severity and handling.
-- System Information:
Debian Release: 6.0
APT prefers squeeze-updates
APT policy: (500, 'squeeze-updates'), (500, 'stable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Kernel: Linux 2.6.32-5-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_US, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Versions of packages etckeeper depends on:
ii debconf [debconf-2.0] 1.5.36.1 Debian configuration management sy
ii git [git-core] 1:1.7.2.3-2.2 fast, scalable, distributed revisi
ii mercurial 1.6.4-1 scalable distributed version contr
Versions of packages etckeeper recommends:
ii cron 3.0pl1-116 process scheduling daemon
etckeeper suggests no packages.
-- debconf information:
etckeeper/commit_failed:
etckeeper/purge: true
--
To UNSUBSCRIBE, email to [email protected]
with a subject of "unsubscribe". Trouble? Contact [email protected]
