Your message dated Sat, 30 Aug 2008 17:32:05 +0000
with message-id <[EMAIL PROTECTED]>
and subject line Bug#492282: fixed in seahorse 2.22.3-2
has caused the Debian Bug report #492282,
regarding "seahorse-agent --execute" leaks file descriptors
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [EMAIL PROTECTED]
immediately.)
--
492282: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=492282
Debian Bug Tracking System
Contact [EMAIL PROTECTED] with problems
--- Begin Message ---
Package: seahorse
Version: 2.22.3-1
Severity: normal
Tags: security
Seahorse leaks file descriptors to processes started with "seahorse-agent
--execute", including the gpg agent listening socket. For the default setup,
this means that all processes started from the desktop inherit those FDs and can
possibly use them. This can be a security issue because the FDs are also
inherited to processes started with su as a different user which normally would
not have access to gpg key and gpg agent socket.
Seahorse should use fcntl to set FD_CLOEXEC on its FDs.
PS: LVM complains about the open FDs, too:
$ su
Password:
# lvs
File descriptor 8 left open
File descriptor 9 left open
File descriptor 13 left open
...
PPS: You can use filan from the socat package to display information about the
open FDs.
--- End Message ---
--- Begin Message ---
Source: seahorse
Source-Version: 2.22.3-2
We believe that the bug you reported is fixed in the latest version of
seahorse, which is due to be installed in the Debian FTP archive:
seahorse_2.22.3-2.diff.gz
to pool/main/s/seahorse/seahorse_2.22.3-2.diff.gz
seahorse_2.22.3-2.dsc
to pool/main/s/seahorse/seahorse_2.22.3-2.dsc
seahorse_2.22.3-2_amd64.deb
to pool/main/s/seahorse/seahorse_2.22.3-2_amd64.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Josselin Mouette <[EMAIL PROTECTED]> (supplier of updated seahorse package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.8
Date: Sat, 30 Aug 2008 18:56:42 +0200
Source: seahorse
Binary: seahorse
Architecture: source amd64
Version: 2.22.3-2
Distribution: unstable
Urgency: low
Maintainer: Jose Carlos Garcia Sogo <[EMAIL PROTECTED]>
Changed-By: Josselin Mouette <[EMAIL PROTECTED]>
Description:
seahorse - GNOME front end for GnuPG
Closes: 492282
Changes:
seahorse (2.22.3-2) unstable; urgency=low
.
* 02_close_fds.patch: set close-on-exec flag on the agent socket's
file descriptor to avoid leaking it to spawned processes.
Closes: #492282.
Checksums-Sha1:
8a7092c4ec3d524999984a7b30fed41ada1f4cec 1712 seahorse_2.22.3-2.dsc
11ef7660b868ea571ae5c90f6f882c6a05f54385 36433 seahorse_2.22.3-2.diff.gz
d539752fdca3705f5d58e0284b504f583f6a7c73 4431982 seahorse_2.22.3-2_amd64.deb
Checksums-Sha256:
019e5f13b7ebd527940e7ec644363550a141d9b2ae6459a6deffae02da474e01 1712
seahorse_2.22.3-2.dsc
63db251f7ec63884755de80bbafc2d337a585d6bcbcbf948407ae531aac92a84 36433
seahorse_2.22.3-2.diff.gz
1ed3b783d19d300312c163a0e1557d2ebd5153cd6e45a88981d512c8e3d6ebb9 4431982
seahorse_2.22.3-2_amd64.deb
Files:
24b9393e10f9d97e8483c67310a176e8 1712 gnome optional seahorse_2.22.3-2.dsc
643d26e2d7c99dd6ceebd1800097f858 36433 gnome optional seahorse_2.22.3-2.diff.gz
f5df320b1fe30450e48e9b57a00bfe16 4431982 gnome optional
seahorse_2.22.3-2_amd64.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
iD8DBQFIuYDtrSla4ddfhTMRAoEsAJ0SAfxptCUDeCQsjz7HBpYZ02NW9QCeL16v
mLjc8m+u8x3k6edKDH31SyM=
=CQov
-----END PGP SIGNATURE-----
--- End Message ---
