Package: seahorse
Version: 1.0.1-2
Severity: grave
Tags: security

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On my system, the check for a non-root user's ability to call mlock fails. The error is: "conftest.c:49: warning: incompatible implicit declaration of built-in function 'printf'". This is fixed by the following patch: - --- seahorse-1.0.1/acinclude.m4 2007-03-19 04:09:25.000000000 +0000 +++ seahorse-1.0.1+printf/acinclude.m4 2007-05-01 09:55:43.000000000 +0100 
@@ -53,6 +53,7 @@ #include <sys/mman.h> #include <sys/types.h> #include <fcntl.h> + #include <stdio.h> int main () { long int pgsize = getpagesize ();

However the test still fails but ONLY when run from the configure script! If I run it manually:

$ gdb ./mlock
Using host libthread_db library "/lib/i686/cmov/libthread_db.so.1".
(gdb) break main
Breakpoint 1 at 0x8048465: file mlock.c, line 38.
(gdb) run
Starting program: /tmp/x/mlock
Failed to read a valid object file image from memory.

Breakpoint 1, main () at mlock.c:38
38        long int pgsize = getpagesize ();
(gdb) next
39        char *pool = malloc (4096 + pgsize);
(gdb) print pgsize
$1 = 4096
(gdb) next
40        if (!pool)
(gdb) next
42        pool += (pgsize - ((long int)pool % pgsize));
(gdb) next
43        if (mlock (pool, 4096) < 0) {
(gdb) next
49        if (geteuid () == 0) {
(gdb) next
53        return 0;
(gdb) next
54      }
(gdb) next
0xb7e66878 in __libc_start_main () from /lib/i686/cmov/libc.so.6

... it succeeds.

The result is that the seahorse-agent ends up in an insecure configuration that does not prevent its key material from being swapped to disk.

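Review bot: the three headers visible above the new `#include <stdio.h>` line (`<sys/mman.h>`, `<sys/types.h>`, `<fcntl.h>`) do not declare `getpagesize()`, which the first line of `main` calls, nor the `malloc` and `geteuid` calls that appear in the gdb listing in this message. If `<unistd.h>` and `<stdlib.h>` are not already included above line 53 of acinclude.m4, add them in the same change so the test program has no implicit declarations left. Since the report says the check still fails under configure with this applied, the patch description should say it addresses only the printf warning, and the conftest output recorded in config.log should be attached.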
- -- System Information:
Debian Release: lenny/sid
  APT prefers testing
  APT policy: (530, 'testing'), (520, 'unstable'), (510, 'experimental')
Architecture: i386 (i686)

Kernel: Linux 2.6.18-4-k7 (SMP w/1 CPU core)
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages seahorse depends on:
ii  gconf2                     2.16.1-1       GNOME configuration database syste
ii  libart-2.0-2               2.3.19-3       Library of functions for 2D graphi
ii  libatk1.0-0                1.18.0-2       The ATK accessibility toolkit
ii  libavahi-client3           0.6.16-5       Avahi client library
ii  libavahi-common3           0.6.16-5       Avahi common library
ii  libavahi-glib1             0.6.16-5       Avahi glib integration library
ii  libbonobo2-0               2.18.0-2       Bonobo CORBA interfaces library
ii  libbonoboui2-0             2.18.0-5       The Bonobo UI library
ii  libc6                      2.5-4          GNU C Library: Shared libraries
ii  libcairo2                  1.4.4-1        The Cairo 2D vector graphics libra
ii  libdbus-1-3                1.0.2-1        simple interprocess messaging syst
ii  libdbus-glib-1-2           0.73-2         simple interprocess messaging syst
ii  libfontconfig1             2.4.2-1.2      generic font configuration library
ii  libgcc1                    1:4.1.2-5      GCC support library
ii  libgconf2-4                2.16.1-1       GNOME configuration database syste
ii  libglade2-0                1:2.6.0-4      library to load .glade files at ru
ii  libglib2.0-0               2.12.11-3      The GLib library of C routines
ii  libgnome-keyring0          0.8.1-2        GNOME keyring services library
ii  libgnome2-0                2.18.0-4       The GNOME 2 library - runtime file
ii  libgnomecanvas2-0          2.14.0-2       A powerful object-oriented display
ii  libgnomeprint2.2-0         2.18.0-2       The GNOME 2.2 print architecture -
ii  libgnomeprintui2.2-0       2.18.0-2       GNOME 2.2 print architecture User
ii  libgnomeui-0               2.18.1-2       The GNOME 2 libraries (User Interf
ii  libgnomevfs2-0             1:2.18.1-1     GNOME Virtual File System (runtime
ii  libgnutls13                1.6.2-1        the GNU TLS library - runtime libr
ii  libgpg-error0              1.4-2          library for common error values an
ii  libgpgme11                 1.1.2-5        GPGME - GnuPG Made Easy
ii  libgtk2.0-0                2.10.11-2      The GTK+ graphical user interface
ii  libgtksourceview1.0-0      1.8.5-1        shared libraries for the GTK+ synt
ii  libice6                    1:1.0.3-2      X11 Inter-Client Exchange library
ii  libldap2                   2.1.30-13.4    OpenLDAP libraries
ii  libnautilus-extension1     2.18.1-1       libraries for nautilus components
ii  libnotify1 [libnotify1-gtk 0.4.4-3        sends desktop notifications to a n
ii  libnspr4-0d                1.8.0.11-2     NetScape Portable Runtime Library
ii  liborbit2                  1:2.14.7-0.2   libraries for ORBit2 - a CORBA ORB
ii  libpanel-applet2-0         2.18.1-1+b1    library for GNOME 2 panel applets
ii  libpango1.0-0              1.16.2-2       Layout and rendering of internatio
ii  libpopt0                   1.10-3         lib for parsing cmdline parameters
ii  libsm6                     1:1.0.2-2      X11 Session Management library
ii  libsoup2.2-8               2.2.100-1      an HTTP library implementation in
ii  libx11-6                   2:1.0.3-7      X11 client-side library
ii  libxcursor1                1.1.7-4        X cursor management library
ii  libxext6                   1:1.0.1-2      X11 miscellaneous extension librar
ii  libxfixes3                 1:4.0.1-5      X11 miscellaneous 'fixes' extensio
ii  libxi6                     1:1.0.1-4      X11 Input extension library
ii  libxinerama1               1:1.0.1-4.1    X11 Xinerama extension library
ii  libxml2                    2.6.28.dfsg-1  GNOME XML library
ii  libxrandr2                 2:1.2.1-1      X11 RandR extension library
ii  libxrender1                1:0.9.1-3      X Rendering Extension client libra
ii  libxul0d                   1.8.0.11-2     Gecko engine library
ii  zlib1g                     1:1.2.3-13     compression library - runtime

Versions of packages seahorse recommends:
ii  openssh-client             1:4.3p2-9      Secure shell client, an rlogin/rsh

- -- debconf information:
* seahorse/SUID: true

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFGNwN8shl/216gEHgRAjOiAJ4saQLbdecJaPAwSqhGhQwshLeodwCfbZrq
/N7zAVjyl1kRw0tfHK8v/0A=
=CRj8
-----END PGP SIGNATURE-----
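
A stand-alone version of the kind of check this report describes, added here as an example and not the code from seahorse's acinclude.m4: it page-aligns a heap buffer, calls mlock on it, and reports the errno together with the RLIMIT_MEMLOCK limits, so a run started by a build script can be compared with a run from an interactive shell. The function names page_align_up and try_mlock are this example's own.

```c
#define _DEFAULT_SOURCE
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/mman.h>
#include <sys/resource.h>
#include <unistd.h>

/* Round p up to a multiple of pgsize (a power of two); aligned input is unchanged. */
static uintptr_t page_align_up(uintptr_t p, uintptr_t pgsize)
{
    return (p + pgsize - 1) & ~(pgsize - 1);
}

/* Lock len bytes of page-aligned heap memory; return 0 on success, else errno. */
static int try_mlock(size_t len)
{
    long pgsize = sysconf(_SC_PAGESIZE);
    if (pgsize <= 0)
        return EINVAL;
    char *raw = malloc(len + (size_t)pgsize);
    if (!raw)
        return ENOMEM;
    char *pool = (char *)page_align_up((uintptr_t)raw, (uintptr_t)pgsize);
    int err = 0;
    if (mlock(pool, len) < 0)
        err = errno;   /* e.g. ENOMEM over RLIMIT_MEMLOCK, EPERM if not permitted */
    else
        munlock(pool, len);
    free(raw);
    return err;
}

int main(void)
{
    struct rlimit rl;
    if (getrlimit(RLIMIT_MEMLOCK, &rl) == 0)
        printf("RLIMIT_MEMLOCK soft=%llu hard=%llu\n",
               (unsigned long long)rl.rlim_cur, (unsigned long long)rl.rlim_max);
    int err = try_mlock(4096);
    printf("euid=%ld mlock(4096): %s\n", (long)geteuid(),
           err ? strerror(err) : "ok");
    return err ? 1 : 0;   /* non-zero exit means locking is unavailable here */
}
```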