Bug#274981: marked as done (secvpn: doesn't let to run pppd and its secvpnmon via sudo)

Mon, 28 Feb 2005 09:08:29 -0800 

Your message dated Mon, 28 Feb 2005 11:47:23 -0500
with message-id <[EMAIL PROTECTED]>
and subject line Bug#274981: fixed in secvpn 2.19
has caused the attached Bug report to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere.  Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)

--------------------------------------
Received: (at submit) by bugs.debian.org; 5 Oct 2004 06:56:02 +0000
>From [EMAIL PROTECTED] Mon Oct 04 23:56:02 2004
Return-path: <[EMAIL PROTECTED]>
Received: from ravana.rutgers.edu [165.230.95.119] 
        by spohr.debian.org with esmtp (Exim 3.35 1 (Debian))
        id 1CEjEv-0006aH-00; Mon, 04 Oct 2004 23:56:01 -0700
Received: from yoh by ravana.rutgers.edu with local (Exim 3.36 #1 (Debian))
        id 1CEjER-0006V8-00
        for <[EMAIL PROTECTED]>; Tue, 05 Oct 2004 02:55:31 -0400
From: Yaroslav Halchenko <[EMAIL PROTECTED]>
To: Debian Bug Tracking System <[EMAIL PROTECTED]>
Subject: secvpn: doesn't let to run pppd and its secvpnmon via sudo
X-Debbugs-CC: Yaroslav Halchenko <[EMAIL PROTECTED]>
Message-Id: <[EMAIL PROTECTED]>
Sender: Yaroslav Halchenko <[EMAIL PROTECTED]>
Date: Tue, 05 Oct 2004 02:55:31 -0400
Delivered-To: [EMAIL PROTECTED]
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2004_03_25 
        (1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Status: No, hits=-9.4 required=4.0 tests=BAYES_00,HAS_PACKAGE,
        UPPERCASE_25_50,X_DEBBUGS_CC autolearn=ham 
        version=2.60-bugs.debian.org_2004_03_25
X-Spam-Level: 

Package: secvpn
Severity: wishlist

I am suggesting to apply the supplied patch so it can be easily setup
via non-root login + sudo on pppd nd secvpnmon executables only.

Another hint which I make use of on my laptop, but which can be
applicable for others single active user boxes - is to don't create a
root not secured by passphrase key but rather attach to the running
SSH agent via simple command in secvpn.conf

export SSH_AGENT_PID=`/bin/ps h -C ssh-agent -o pid|head -1` 
SSH_AUTH_SOCK=`/bin/ls /tmp/ssh*/agent*|head -1`
export SSH_OPTS='-l USER'

And here is the patch

--- /usr/sbin/secvpn.orig       2004-10-05 00:36:54.000000000 -0400
+++ /usr/sbin/secvpn    2004-10-05 00:44:33.000000000 -0400
@@ -110,10 +110,10 @@
       [ "$NOTHING" ] || /usr/sbin/pppd $T_CRYPT_IP:$O_CRYPT_IP $PPP_OPTS \
          netmask $CRYPT_MASK pty \
         "ssh $SSH_OPTS -t -o 'BatchMode yes' $O_BAD_IP \
-        /usr/sbin/pppd $O_CRYPT_IP:$T_CRYPT_IP $PPP_OPTS passive"
+        $ROOTCMD /usr/sbin/pppd $O_CRYPT_IP:$T_CRYPT_IP $PPP_OPTS passive"
       if [ "$RECURSIVE" ]; then
         [ "$VERBOSE" ] && echo -e "Starting recursive on $OTHER_IS\r"
-        [ "$NOTHING" ] || ssh $SSH_OPTS -o 'BatchMode yes' $O_BAD_IP 
/usr/sbin/secvpn \
+        [ "$NOTHING" ] || ssh $SSH_OPTS -o 'BatchMode yes' $O_BAD_IP $ROOTCMD 
/usr/sbin/secvpn \
          $RECURSIVE $VERBOSE start
       fi
     fi
@@ -152,12 +152,12 @@
       fi
     fi
     [ "$NOTHING" ] || 
-      ssh $SSH_OPTS -o 'BatchMode yes' $O_BAD_IP /usr/sbin/secvpn $VERBOSE 
routeadd \
+      ssh $SSH_OPTS -o 'BatchMode yes' $O_BAD_IP $ROOTCMD /usr/sbin/secvpn 
$VERBOSE routeadd \
         $THIS_IS $CONNECTED|| exit $?
 
     if [ "$RECURSIVE" ]; then
       [ "$VERBOSE" ] && echo -e "Routeadd recursive on $OTHER_IS\r"
-      [ "$NOTHING" ] || ssh $SSH_OPTS -o 'BatchMode yes' $O_BAD_IP 
/usr/sbin/secvpn \
+      [ "$NOTHING" ] || ssh $SSH_OPTS -o 'BatchMode yes' $O_BAD_IP $ROOTCMD 
/usr/sbin/secvpn \
          $RECURSIVE $VERBOSE routeadd
     fi
   fi
@@ -197,7 +197,7 @@
   if [ "$ROLE" = "ACTIVE" ]; then
     if [ "$RECURSIVE" ]; then
       [ "$VERBOSE" ] && echo -e "Testing recursive on $OTHER_IS\r"
-      [ "$NOTHING" ] || ssh $SSH_OPTS -o 'BatchMode yes' $O_BAD_IP 
/usr/sbin/secvpn \
+      [ "$NOTHING" ] || ssh $SSH_OPTS -o 'BatchMode yes' $O_BAD_IP $ROOTCMD 
/usr/sbin/secvpn \
         $RECURSIVE $VERBOSE status
     fi
   fi
@@ -255,11 +255,11 @@
   if [ "$ROLE" = "ACTIVE" ]; then
     [ "$VERBOSE" ] && echo -e "ask remote $OTHER_IS ($O_BAD_IP) to stop\r"
     [ "$NOTHING" ] || 
-      ssh $SSH_OPTS -o 'BatchMode yes' $O_BAD_IP /usr/sbin/secvpn $VERBOSE 
stop $THIS_IS
+      ssh $SSH_OPTS -o 'BatchMode yes' $O_BAD_IP $ROOTCMD /usr/sbin/secvpn 
$VERBOSE stop $THIS_IS
 
     if [ "$RECURSIVE" ]; then
       [ "$VERBOSE" ] && echo -e "Stopping recursive on $OTHER_IS\r"
-      [ "$NOTHING" ] || ssh $SSH_OPTS -o 'BatchMode yes' $O_BAD_IP 
/usr/sbin/secvpn \
+      [ "$NOTHING" ] || ssh $SSH_OPTS -o 'BatchMode yes' $O_BAD_IP $ROOTCMD 
/usr/sbin/secvpn \
         $RECURSIVE $VERBOSE stop
     fi
   fi
@@ -279,11 +279,11 @@
   if [ "$ROLE" = "ACTIVE" ]; then
     [ "$VERBOSE" ] && echo -e "ask remote $OTHER_IS to delete back route\r"
     [ "$NOTHING" ] || 
-      ssh $SSH_OPTS -o 'BatchMode yes' $O_BAD_IP /usr/sbin/secvpn $VERBOSE 
routedel $THIS_IS
+      ssh $SSH_OPTS -o 'BatchMode yes' $O_BAD_IP $ROOTCMD /usr/sbin/secvpn 
$VERBOSE routedel $THIS_IS
 
     if [ "$RECURSIVE" ]; then
       [ "$VERBOSE" ] && echo -e "Routedel recursive on $OTHER_IS\r"
-      [ "$NOTHING" ] || ssh $SSH_OPTS -o 'BatchMode yes' $O_BAD_IP 
/usr/sbin/secvpn \
+      [ "$NOTHING" ] || ssh $SSH_OPTS -o 'BatchMode yes' $O_BAD_IP $ROOTCMD 
/usr/sbin/secvpn \
          $RECURSIVE $VERBOSE routedel
     fi
   fi
@@ -315,6 +315,7 @@
 # The next 2 lines could be overwritten in Conffile.
 PPP_OPTS="noaccomp nobsdcomp noccp nopcomp novj nodeflate novjccomp"
 SSH_OPTS="-c blowfish"
+ROOTCMD=""
 
 . $CONF
 . $LIB


-- System Information:
Debian Release: 3.1
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: i386 (i686)
Kernel: Linux 2.6.8.1
Locale: LANG=C, LC_CTYPE=C


--Yarik

---------------------------------------
Received: (at 274981-close) by bugs.debian.org; 28 Feb 2005 16:53:05 +0000
>From [EMAIL PROTECTED] Mon Feb 28 08:53:05 2005
Return-path: <[EMAIL PROTECTED]>
Received: from newraff.debian.org [208.185.25.31] (mail)
        by spohr.debian.org with esmtp (Exim 3.35 1 (Debian))
        id 1D5o8n-0006tx-00; Mon, 28 Feb 2005 08:53:05 -0800
Received: from katie by newraff.debian.org with local (Exim 3.35 1 (Debian))
        id 1D5o3H-0001Qi-00; Mon, 28 Feb 2005 11:47:23 -0500
From: Bernd Schumacher <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
X-Katie: $Revision: 1.55 $
Subject: Bug#274981: fixed in secvpn 2.19
Message-Id: <[EMAIL PROTECTED]>
Sender: Archive Administrator <[EMAIL PROTECTED]>
Date: Mon, 28 Feb 2005 11:47:23 -0500
Delivered-To: [EMAIL PROTECTED]
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02 
        (1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Status: No, hits=-6.0 required=4.0 tests=BAYES_00,HAS_BUG_NUMBER 
        autolearn=no version=2.60-bugs.debian.org_2005_01_02
X-Spam-Level: 

Source: secvpn
Source-Version: 2.19

We believe that the bug you reported is fixed in the latest version of
secvpn, which is due to be installed in the Debian FTP archive:

secvpn_2.19.dsc
  to pool/main/s/secvpn/secvpn_2.19.dsc
secvpn_2.19.tar.gz
  to pool/main/s/secvpn/secvpn_2.19.tar.gz
secvpn_2.19_all.deb
  to pool/main/s/secvpn/secvpn_2.19_all.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Bernd Schumacher <[EMAIL PROTECTED]> (supplier of updated secvpn package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Wed, 23 Feb 2005 15:03:58 +0100
Source: secvpn
Binary: secvpn
Architecture: source all
Version: 2.19
Distribution: unstable
Urgency: low
Maintainer: Bernd Schumacher <[EMAIL PROTECTED]>
Changed-By: Bernd Schumacher <[EMAIL PROTECTED]>
Description: 
 secvpn     - Secure Virtual Private Network
Closes: 274981
Changes: 
 secvpn (2.19) unstable; urgency=low
 .
   * sudo patch from Yaroslav Halchenko <[EMAIL PROTECTED]> added, to
   let pppd and its secvpnmon run via sudo. Closes: #274981
Files: 
 5b46cf51229ce4d78815853ce4f2a468 529 net optional secvpn_2.19.dsc
 4e661aecc6f43437bc201711b9faa288 217832 net optional secvpn_2.19.tar.gz
 757ba47c0f41f4e36313961e6503dba1 223308 net optional secvpn_2.19_all.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.5 (GNU/Linux)

iD8DBQFCI0fyINZoglnvXbwRAriPAJ91wQquoF6tykNbx7eoWBgJc61eZACdGDfx
a+DfHrftl27JRfKhu71SPTE=
=1LV0
-----END PGP SIGNATURE-----


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Reply via email to