Your message dated Mon, 01 Sep 2008 13:47:05 +0000
with message-id <[EMAIL PROTECTED]>
and subject line Bug#485948: fixed in net-snmp 5.4.1~dfsg-9
has caused the Debian Bug report #485948,
regarding snmpd: should really handle the set GID option better and possible
security problem
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [EMAIL PROTECTED]
immediately.)
--
485948: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=485948
Debian Bug Tracking System
Contact [EMAIL PROTECTED] with problems
--- Begin Message ---
Package: snmpd
Version: 5.3.1-8
Severity: standard
Tags: security
Coin,

When you add the "-g snmpgroup" option to the SNMPDOPTS variable in
'/etc/default/snmpd', the SNMP daemon should switch to this group, but
it only works with numeric IDs. According to the manual page, this is
the correct behavior, even if this is not logical as the "-u" option is
more flexible. Whatever, it should complain loudly in the log and
refuse to run, as it is a security threat to run without the
administrator's wanted permissions.

I wonder why the snmpd_set_agent_group function is not used in
agent/snmpd.c (line 580) instead of calling netsnmp_ds_set_int
directly. This function checks for group names and properly advertises in
the logs when the group name or group id is not found.

In the meanwhile, but I may be wrong, it seems the "-u" option only
changes the running uid, without changing the gid (around line 972 in
agent/snmpd.c), leaving it as "root" if no "-g" option is used. So the
"-u snmp" default in Debian is probably not sufficient to ensure a good
security level.

Could you have a look and tell me your opinion?
--
Marc Dequènes
Homepage: http://www.proformatique.com/
Proformatique - 67 rue Voltaire - 92800 Puteaux
Tel. : 01 41 38 99 64 - Fax. : 01 41 38 99 70
--- End Message ---
--- Begin Message ---
Source: net-snmp
Source-Version: 5.4.1~dfsg-9
We believe that the bug you reported is fixed in the latest version of
net-snmp, which is due to be installed in the Debian FTP archive:
libsnmp-base_5.4.1~dfsg-9_all.deb
to pool/main/n/net-snmp/libsnmp-base_5.4.1~dfsg-9_all.deb
libsnmp-dev_5.4.1~dfsg-9_sparc.deb
to pool/main/n/net-snmp/libsnmp-dev_5.4.1~dfsg-9_sparc.deb
libsnmp-perl_5.4.1~dfsg-9_sparc.deb
to pool/main/n/net-snmp/libsnmp-perl_5.4.1~dfsg-9_sparc.deb
libsnmp-python_5.4.1~dfsg-9_sparc.deb
to pool/main/n/net-snmp/libsnmp-python_5.4.1~dfsg-9_sparc.deb
libsnmp15_5.4.1~dfsg-9_sparc.deb
to pool/main/n/net-snmp/libsnmp15_5.4.1~dfsg-9_sparc.deb
net-snmp_5.4.1~dfsg-9.diff.gz
to pool/main/n/net-snmp/net-snmp_5.4.1~dfsg-9.diff.gz
net-snmp_5.4.1~dfsg-9.dsc
to pool/main/n/net-snmp/net-snmp_5.4.1~dfsg-9.dsc
snmp_5.4.1~dfsg-9_sparc.deb
to pool/main/n/net-snmp/snmp_5.4.1~dfsg-9_sparc.deb
snmpd_5.4.1~dfsg-9_sparc.deb
to pool/main/n/net-snmp/snmpd_5.4.1~dfsg-9_sparc.deb
tkmib_5.4.1~dfsg-9_all.deb
to pool/main/n/net-snmp/tkmib_5.4.1~dfsg-9_all.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Jochen Friedrich <[EMAIL PROTECTED]> (supplier of updated net-snmp package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.8
Date: Fri, 29 Aug 2008 18:13:49 +0200
Source: net-snmp
Binary: snmpd snmp libsnmp-base libsnmp15 libsnmp-dev libsnmp-perl
libsnmp-python tkmib
Architecture: source all sparc
Version: 5.4.1~dfsg-9
Distribution: unstable
Urgency: low
Maintainer: Net-SNMP Packaging Team <[EMAIL PROTECTED]>
Changed-By: Jochen Friedrich <[EMAIL PROTECTED]>
Description:
libsnmp-base - SNMP (Simple Network Management Protocol) MIBs and documentation
libsnmp-dev - SNMP (Simple Network Management Protocol) development files
libsnmp-perl - SNMP (Simple Network Management Protocol) Perl5 support
libsnmp-python - SNMP (Simple Network Management Protocol) Python support
libsnmp15 - SNMP (Simple Network Management Protocol) library
snmp - SNMP (Simple Network Management Protocol) applications
snmpd - SNMP (Simple Network Management Protocol) agents
tkmib - SNMP (Simple Network Management Protocol) MIB browser
Closes: 441871 468577 485945 485948 491778 493281 494118
Changes:
 net-snmp (5.4.1~dfsg-9) unstable; urgency=low
 .
   * Ack NMU (Closes: #485945)
   * Updated standards version to 3.8.0 (no changes)
   * Update debconf translations:
     o sv: Martin Bagge <[EMAIL PROTECTED]> (Closes: #491778)
     o ja: Hideki Yamane (Debian-JP) <[EMAIL PROTECTED]> (Closes: #494118)
   * Add patch to support -g {groupname} (Closes: #441871, #468577, #485948)
   * Add official patch to suppress annoying warning in syslog (Closes: #493281)
   * Fix default stop section in LSB header of start script.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
iD8DBQFIu+7K0fhX0Y/ocz0RAjpzAKCbPbLMqYwkLHd1itXPwvuG5ms20gCeJGbN
d4feIRMyuKdANsm+2lN2ERY=
=z0PK
-----END PGP SIGNATURE-----
--- End Message ---
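
The two points raised in the report (a "-g" value that is a name rather than a number, and a "-u" drop that leaves the group as root) can be illustrated with a fail-closed privilege drop. This is an added example, not net-snmp code and not the Debian patch; the function names resolve_gid, user_ids, drop_privileges and become are hypothetical.

```c
#define _DEFAULT_SOURCE              /* for setgroups() on glibc */
#include <ctype.h>
#include <errno.h>
#include <grp.h>
#include <pwd.h>
#include <stdlib.h>
#include <unistd.h>

/* "-g" value: numeric GID or group name. Returns 0, or -1 if unresolvable. */
int resolve_gid(const char *spec, gid_t *out) {
    char *end;
    errno = 0;
    unsigned long v = strtoul(spec, &end, 10);
    if (isdigit((unsigned char)spec[0]) && errno == 0 && *end == '\0' &&
        v == (unsigned long)(gid_t)v) {
        *out = (gid_t)v;
        return 0;
    }
    struct group *gr = getgrnam(spec);   /* not a plain number: try it as a name */
    if (gr == NULL) return -1;
    *out = gr->gr_gid;
    return 0;
}

/* "-u" value (user name): yields the UID and the user's primary GID. */
int user_ids(const char *name, uid_t *uid, gid_t *gid) {
    struct passwd *pw = getpwnam(name);
    if (pw == NULL) return -1;
    *uid = pw->pw_uid;
    *gid = pw->pw_gid;
    return 0;
}

/* Supplementary groups and GID change while still root; the UID goes last. */
int drop_privileges(uid_t uid, gid_t gid) {
    if (setgroups(1, &gid) != 0 || setgid(gid) != 0 || setuid(uid) != 0)
        return -1;
    return (getuid() == uid && geteuid() == uid &&   /* verify, do not assume */
            getgid() == gid && getegid() == gid) ? 0 : -1;
}

/* Fail closed: an unresolved name or a failed call means "do not start". */
int become(const char *user, const char *group) {
    uid_t uid;
    gid_t gid;
    if (user_ids(user, &uid, &gid) != 0) return -1;
    if (group != NULL && resolve_gid(group, &gid) != 0) return -1;
    return drop_privileges(uid, gid);
}
```

When become() is called with group set to NULL, the user's primary group from the password database is used, so the process does not keep GID 0 after the UID change.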