Your message dated Sat, 25 Jun 2005 21:02:28 -0400
with message-id <[EMAIL PROTECTED]>
and subject line Bug#311880: fixed in ipkungfu 0.5.2-4
has caused the attached Bug report to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere. Please contact me immediately.)
Debian bug tracking system administrator
(administrator, Debian Bugs database)
--------------------------------------
Received: (at submit) by bugs.debian.org; 4 Jun 2005 00:36:17 +0000
>From [EMAIL PROTECTED] Fri Jun 03 17:36:17 2005
Return-path: <[EMAIL PROTECTED]>
Received: from master.debian.org [146.82.138.7]
by spohr.debian.org with esmtp (Exim 3.35 1 (Debian))
id 1DeMe9-0002vP-00; Fri, 03 Jun 2005 17:36:17 -0700
Received: from ip059.subnet65.gci-net.com ([127.0.0.1]) [216.183.65.59]
by master.debian.org with esmtp (Exim 3.35 1 (Debian))
id 1DeMe8-000710-00; Fri, 03 Jun 2005 19:36:17 -0500
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
From: [EMAIL PROTECTED]
To: Debian Bug Tracking System <[EMAIL PROTECTED]>
Subject: Did ipkungfu drop-kick my system?
X-Mailer: reportbug 3.8
Date: Fri, 03 Jun 2005 17:36:16 -0700
X-Debbugs-Cc: [EMAIL PROTECTED]
Message-Id: <[EMAIL PROTECTED]>
Delivered-To: [EMAIL PROTECTED]
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02
(1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Status: No, hits=-7.4 required=4.0 tests=BAYES_00,HAS_PACKAGE,
NO_REAL_NAME,OUR_MTA_MSGID,X_DEBBUGS_CC autolearn=no
version=2.60-bugs.debian.org_2005_01_02
X-Spam-Level:
Package: ipkungfu
Severity: grave
Tags: security
Justification: user security hole
i rarely file grave severity but i think this is warranted because
even unstable users must know what a firewall is doing. feel free to
wishlist it or whatever you want if contrary to appearances it's not
actually a potential security hole. i do not want to reinstall. see
below.
errors in purging lower confidence. how does a user know for sure,
without reading the scripts in detail, whether ipkungfu didn't change
scripts in such a way that the next reboot will change the firewall?
could there be any files left lying around in /etc?
the description field does not say that iptables affects the system
simply by installing it. see also bug 311868.
the user cannot assume that it installs a firewall or exactly how or
where it does it or whether or how it is reversible. remember that
different users install firewalls in different ways, and there are
different places for various scripts (upon boot, upon ipup, etc.).
ipkungfu also does not tell the user what it is doing when it is
installed or purged. then it produces an error. i would examine the
scripts if i could, but cannot now. does it leave a firewall in a
different state? if so how does it know that it is more secure than
whatever the user is already running? does it know what servers are
running?
i was installing ipkungfu just to look at its documentation. please
change the description field, fix the init.d bugs, and have the init.d
script be more verbose.
please also document, perhaps in the changelog, for users who
experienced this problem exactly what was done and whether anything
needs to be done to clean up.
to somebody who knows what ipkungfu is doing, this might seem like an
overreaction. but please look at it from the perspective of somebody
who does not. you and i know to search for the install and purge
scripts, but many people do not. Remember, the doc says:
... can be also used by people that have only limited
knowledge of proper security and IP filtering practices.
Thanks.
Starting ipkungfu: Checking configuration...
Loading IRC connection tracking module...
#will loading modules change kernel operation or is it only a set of calls?
Loading IRC NAT module...
ULOG kernel support detected!
#huh?
/usr/sbin/ipkungfu: line 928: /proc/sys/net/ipv4/tcp_syncookies: No such file
or directory
Clearing old chains and tables...
#some users won't know that this means actual change rather than something
internal
Implementing custom rules...
ipkungfu.
....
0 03-Fri-16-34-24 ~# dpkg-reconfigure ipkungfu
Stopping ipkungfu: invoke-rc.d: initscript ipkungfu, action "stop" failed.
#hmm
Starting ipkungfu: Checking configuration...
ULOG kernel support detected!
#what is that?
/usr/sbin/ipkungfu: line 928: /proc/sys/net/ipv4/tcp_syncookies: No such file
or directory
Clearing old chains and tables...
Implementing custom rules...
ipkungfu.
0 03-Fri-16-34-35 ~# /etc/init.d/ip
ipkungfu* iptables*
0 03-Fri-16-34-35 ~# /etc/init.d/ipkungfu stop
Stopping ipkungfu: 1 03-Fri-16-35-17 ~#
1 03-Fri-16-35-19 ~# /etc/init.d/ipkungfu stop
Stopping ipkungfu: 1 03-Fri-16-35-20 ~#
1 03-Fri-16-35-21 ~# aptitude purge ipkungfu
Reading Package Lists... Done
Building Dependency Tree
Reading extended state information
Initializing package states... Done
The following packages have been kept back:
xserver-xfree86
The following packages will be REMOVED:
ipkungfu
0 packages upgraded, 0 newly installed, 1 to remove and 1 not upgraded.
Need to get 0B of archives. After unpacking 205kB will be freed.
Do you want to continue? [Y/n/?]
Writing extended state information... Done
(Reading database ... 144114 files and directories currently installed.)
Removing ipkungfu ...
Stopping ipkungfu: invoke-rc.d: initscript ipkungfu, action "stop" failed.
#well ok then :-(
Purging configuration files for ipkungfu ...
Reading Package Lists... Done
Building Dependency Tree
Reading extended state information
Initializing package states... Done
-- System Information:
Debian Release: 3.1
Architecture: i386 (i686)
Kernel: Linux 2.6.11--from-2.6.9-proc-config-and-menuconfig
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)
Versions of packages ipkungfu depends on:
ii iproute 20041019-3 Professional tools to control the
ii iptables 1.2.11-10 Linux kernel 2.4+ iptables adminis
---------------------------------------
Received: (at 311880-close) by bugs.debian.org; 26 Jun 2005 01:08:05 +0000
>From [EMAIL PROTECTED] Sat Jun 25 18:08:05 2005
Return-path: <[EMAIL PROTECTED]>
Received: from newraff.debian.org [208.185.25.31] (mail)
by spohr.debian.org with esmtp (Exim 3.35 1 (Debian))
id 1DmLcz-0006NA-00; Sat, 25 Jun 2005 18:08:05 -0700
Received: from katie by newraff.debian.org with local (Exim 3.35 1 (Debian))
id 1DmLXY-0008Ra-00; Sat, 25 Jun 2005 21:02:28 -0400
From: Nigel Jones <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
X-Katie: $Revision: 1.56 $
Subject: Bug#311880: fixed in ipkungfu 0.5.2-4
Message-Id: <[EMAIL PROTECTED]>
Sender: Archive Administrator <[EMAIL PROTECTED]>
Date: Sat, 25 Jun 2005 21:02:28 -0400
Delivered-To: [EMAIL PROTECTED]
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02
(1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Status: No, hits=-6.0 required=4.0 tests=BAYES_00,HAS_BUG_NUMBER
autolearn=no version=2.60-bugs.debian.org_2005_01_02
X-Spam-Level:
Source: ipkungfu
Source-Version: 0.5.2-4
We believe that the bug you reported is fixed in the latest version of
ipkungfu, which is due to be installed in the Debian FTP archive:
ipkungfu_0.5.2-4.diff.gz
to pool/main/i/ipkungfu/ipkungfu_0.5.2-4.diff.gz
ipkungfu_0.5.2-4.dsc
to pool/main/i/ipkungfu/ipkungfu_0.5.2-4.dsc
ipkungfu_0.5.2-4_i386.deb
to pool/main/i/ipkungfu/ipkungfu_0.5.2-4_i386.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Nigel Jones <[EMAIL PROTECTED]> (supplier of updated ipkungfu package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.7
Date: Fri, 24 Jun 2005 21:28:58 +1200
Source: ipkungfu
Binary: ipkungfu
Architecture: source i386
Version: 0.5.2-4
Distribution: unstable
Urgency: low
Maintainer: Nigel Jones <[EMAIL PROTECTED]>
Changed-By: Nigel Jones <[EMAIL PROTECTED]>
Description:
ipkungfu - iptables-based Linux firewall
Closes: 311880 315074 315076
Changes:
ipkungfu (0.5.2-4) unstable; urgency=low
.
* altered init.d to check for real defaults file (Closes: #315076)
* changed ipkungfu install to create above meantioned defaults file, to stop
major system problems (i.e. making
it in accessible) (Closes: #315074, #311880)
Files:
deee9c6628923220cd0afaa43916cdec 563 net optional ipkungfu_0.5.2-4.dsc
9800b66539ad1135336eba4109cf2c89 7488 net optional ipkungfu_0.5.2-4.diff.gz
daa786bc7d06a8995fc45af26954d07f 34332 net optional ipkungfu_0.5.2-4_i386.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)
iD8DBQFCvftbgY5NIXPNpFURAvw2AKCVgoCDdumU+FjOaIXFJeNvmaU72gCeMHLj
NlZi/hqKZFGCuyD3rHRkLzI=
=uDei
-----END PGP SIGNATURE-----
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
