Your message dated Thu, 08 Jul 2004 03:47:41 -0400 with message-id <[EMAIL PROTECTED]> and subject line Bug#257504: fixed in kernel-source-2.6.7 2.6.7-3 has caused the attached Bug report to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere. Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)

--------------------------------------
From: "Joerg Hoh" <[EMAIL PROTECTED]>
Date: Sat, 3 Jul 2004 23:50:47 +0200
To: [EMAIL PROTECTED]
Subject: User can chown/chmod files in /proc

Package: kernel-source-2.6.7
Version: 2.6.7

A user with a local account can change the owner and the permissions of
files in /proc. Affected is at least kernel 2.6.7, but possibly all 2.6.x
kernels.

hydra proc $ cd /proc
hydra proc $ ls -la config.gz
-r--r--r-- 1 root root 6354 3. Jul 23:25 config.gz
hydra proc $ chown joerg config.gz
hydra proc $ ls -la config.gz
-r--r--r-- 1 joerg root 6354 3. Jul 23:25 config.gz
hydra proc $ chown root config.gz
hydra proc $ ls -la config.gz
-r--r--r-- 1 root root 6354 3. Jul 23:26 config.gz
hydra proc $ chmod o+x config.gz
hydra proc $ ls -la config.gz
-r--r--r-x 1 root root 6354 3. Jul 23:46 config.gz
hydra proc $

SuSE mentioned this bug in
http://article.gmane.org/gmane.comp.security.bugtraq/12316, so there
should be a patch around.

Jörg

--
Computer science terminology (No. 369): Cause - The cause was that
Windows had not been restarted. Michael Scheer

---------------------------------------
From: Sven Luther <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Subject: Bug#257504: fixed in kernel-source-2.6.7 2.6.7-3
Date: Thu, 08 Jul 2004 03:47:41 -0400

Source: kernel-source-2.6.7
Source-Version: 2.6.7-3

We believe that the bug you reported is fixed in the latest version of
kernel-source-2.6.7, which is due to be installed in the Debian FTP archive:

kernel-doc-2.6.7_2.6.7-3_all.deb
  to pool/main/k/kernel-source-2.6.7/kernel-doc-2.6.7_2.6.7-3_all.deb
kernel-patch-debian-2.6.7_2.6.7-3_all.deb
  to pool/main/k/kernel-source-2.6.7/kernel-patch-debian-2.6.7_2.6.7-3_all.deb
kernel-source-2.6.7_2.6.7-3.diff.gz
  to pool/main/k/kernel-source-2.6.7/kernel-source-2.6.7_2.6.7-3.diff.gz
kernel-source-2.6.7_2.6.7-3.dsc
  to pool/main/k/kernel-source-2.6.7/kernel-source-2.6.7_2.6.7-3.dsc
kernel-source-2.6.7_2.6.7-3_all.deb
  to pool/main/k/kernel-source-2.6.7/kernel-source-2.6.7_2.6.7-3_all.deb
kernel-tree-2.6.7_2.6.7-3_all.deb
  to pool/main/k/kernel-source-2.6.7/kernel-tree-2.6.7_2.6.7-3_all.deb

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Sven Luther <[EMAIL PROTECTED]> (supplier of updated kernel-source-2.6.7 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])

Format: 1.7
Date: Wed, 7 Jul 2004 18:12:20 +0200
Source: kernel-source-2.6.7
Binary: kernel-source-2.6.7 kernel-tree-2.6.7 kernel-patch-debian-2.6.7 kernel-doc-2.6.7
Architecture: source all
Version: 2.6.7-3
Distribution: unstable
Urgency: low
Maintainer: Debian kernel team <debian-kernel@lists.debian.org>
Changed-By: Sven Luther <[EMAIL PROTECTED]>
Description:
 kernel-doc-2.6.7 - Linux kernel specific documentation for version 2.6.7
 kernel-patch-debian-2.6.7 - Debian patches to Linux 2.6.7
 kernel-source-2.6.7 - Linux kernel source for version 2.6.7 with Debian patches
 kernel-tree-2.6.7 - Linux kernel tree for building prepackaged Debian kernel images
Closes: 256064 257504
Changes:
 kernel-source-2.6.7 (2.6.7-3) unstable; urgency=low
 .
   * Upgraded the fs-asfs patch to 1.0beta7 (Jens Schmalzing).
 .
   * Updated README.NMU to explain the new build process based on split
     patches and dpatch (Jens Schmalzing).
 .
   * Added chown security fixes (closes: Bug#257504) (Christoph Hellwig).
 .
   * Dropped modular-swsusp, doesn't work and unmaintained (Christoph Hellwig).
 .
   * Added 3ware SATA-RAID driver, backported from mainline (Christoph Hellwig).
 .
   * Update XFS to most current upstream BK version (Christoph Hellwig).
 .
   * Added Marvell Ethernet driver (closes: Bug#256064) (Christoph Hellwig).
 .
   * Added a backport of the netfilter signed char fix (Christoph Hellwig).
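
A defender-side audit for the symptom shown in the bug report above (a top-level /proc file whose owner changed or that gained an execute bit), as an added example that is not part of the original messages or of the Debian fix. The function name `audit_proc` and its arguments are hypothetical, and it assumes GNU coreutils `stat`.

```shell
#!/bin/sh
# Added example: audit the top level of a procfs mount for regular files
# that are not owned by the expected uid or that carry an execute bit,
# which is the state the report reaches with chown/chmod on config.gz.
#
# Usage: audit_proc [DIR] [EXPECTED_UID]    (defaults: /proc and 0)
# Prints one "reason path" line per finding; returns 1 if any were found.
audit_proc() {
    dir=${1:-/proc}
    want_uid=${2:-0}
    found=0
    for f in "$dir"/*; do
        # Only regular files: per-process directories and symlinks such
        # as /proc/self legitimately belong to other users.
        [ -f "$f" ] && [ ! -L "$f" ] || continue
        # %u = numeric owner, %a = permission bits in octal.
        info=$(stat -c '%u %a' "$f") || continue
        uid=${info% *}
        mode=${info#* }
        if [ "$uid" != "$want_uid" ]; then
            echo "owner=$uid $f"
            found=1
        fi
        # Leading 0 makes the shell read the mode as an octal constant.
        if [ $(( 0$mode & 0111 )) -ne 0 ]; then
            echo "mode=$mode $f"
            found=1
        fi
    done
    return $found
}
```

On a kernel carrying the chown fixes from 2.6.7-3, the chown and chmod calls in the report should fail, so a finding here points at an unpatched or tampered system.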