Your message dated Thu, 31 Mar 2011 23:03:14 +0000
with message-id <[email protected]>
and subject line Bug#612608: fixed in openafs 1.6.0~pre4-1
has caused the Debian Bug report #612608,
regarding Update documentation to reflect change in default suid behaviour
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
612608: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=612608
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: openafs-client
Version: 1.4.12.1+dfsg-3
Severity: wishlist
Tags: patch
It would be nice to configure a system's home cell to be set nosuid
(as per <http://docs.openafs.org/AdminGuide/ch10s07.html>).
We accomplish this with the following patch to the init script. I suppose
ideally there would be a debconf question asking whether to set the home
cell to be SUID and then populating /etc/openafs/afs.conf.client
accordingly.
Dominic.
>From a0bc723c4f39b5c4648bee429ec3596517d51139 Mon Sep 17 00:00:00 2001
From: Dominic Hargreaves <[email protected]>
Date: Wed, 9 Feb 2011 14:37:58 +0000
Subject: [PATCH] Set configured cells to be nosuid
---
debian/openafs-client.init | 4 ++++
1 files changed, 4 insertions(+), 0 deletions(-)
diff --git a/debian/openafs-client.init b/debian/openafs-client.init
index 6954e52..e62fb26 100755
--- a/debian/openafs-client.init
+++ b/debian/openafs-client.init
@@ -167,6 +167,10 @@ start_client() {
fs setcrypt on
fi
+ if [ -n "$AFS_NOSUID" ]; then
+ fs setcell -cell "$AFS_NOSUID" -nosuid
+ fi
+
# From /etc/openafs/afs.conf, set a sysname list if one was configured.
if [ -n "$AFS_SYSNAME" ] ; then
fs sysname $AFS_SYSNAME
--
1.7.2.3
--- End Message ---
--- Begin Message ---
Source: openafs
Source-Version: 1.6.0~pre4-1
We believe that the bug you reported is fixed in the latest version of
openafs, which is due to be installed in the Debian FTP archive:
libafsauthent1_1.6.0~pre4-1_i386.deb
to main/o/openafs/libafsauthent1_1.6.0~pre4-1_i386.deb
libafsrpc1_1.6.0~pre4-1_i386.deb
to main/o/openafs/libafsrpc1_1.6.0~pre4-1_i386.deb
libkopenafs1_1.6.0~pre4-1_i386.deb
to main/o/openafs/libkopenafs1_1.6.0~pre4-1_i386.deb
libopenafs-dev_1.6.0~pre4-1_i386.deb
to main/o/openafs/libopenafs-dev_1.6.0~pre4-1_i386.deb
libpam-openafs-kaserver_1.6.0~pre4-1_i386.deb
to main/o/openafs/libpam-openafs-kaserver_1.6.0~pre4-1_i386.deb
openafs-client_1.6.0~pre4-1_i386.deb
to main/o/openafs/openafs-client_1.6.0~pre4-1_i386.deb
openafs-dbg_1.6.0~pre4-1_i386.deb
to main/o/openafs/openafs-dbg_1.6.0~pre4-1_i386.deb
openafs-dbserver_1.6.0~pre4-1_i386.deb
to main/o/openafs/openafs-dbserver_1.6.0~pre4-1_i386.deb
openafs-doc_1.6.0~pre4-1_all.deb
to main/o/openafs/openafs-doc_1.6.0~pre4-1_all.deb
openafs-fileserver_1.6.0~pre4-1_i386.deb
to main/o/openafs/openafs-fileserver_1.6.0~pre4-1_i386.deb
openafs-fuse_1.6.0~pre4-1_i386.deb
to main/o/openafs/openafs-fuse_1.6.0~pre4-1_i386.deb
openafs-kpasswd_1.6.0~pre4-1_i386.deb
to main/o/openafs/openafs-kpasswd_1.6.0~pre4-1_i386.deb
openafs-krb5_1.6.0~pre4-1_i386.deb
to main/o/openafs/openafs-krb5_1.6.0~pre4-1_i386.deb
openafs-modules-dkms_1.6.0~pre4-1_all.deb
to main/o/openafs/openafs-modules-dkms_1.6.0~pre4-1_all.deb
openafs-modules-source_1.6.0~pre4-1_all.deb
to main/o/openafs/openafs-modules-source_1.6.0~pre4-1_all.deb
openafs_1.6.0~pre4-1.diff.gz
to main/o/openafs/openafs_1.6.0~pre4-1.diff.gz
openafs_1.6.0~pre4-1.dsc
to main/o/openafs/openafs_1.6.0~pre4-1.dsc
openafs_1.6.0~pre4.orig.tar.gz
to main/o/openafs/openafs_1.6.0~pre4.orig.tar.gz
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Russ Allbery <[email protected]> (supplier of updated openafs package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Thu, 31 Mar 2011 15:00:04 -0700
Source: openafs
Binary: openafs-client openafs-fuse openafs-kpasswd openafs-fileserver
openafs-dbserver openafs-doc openafs-krb5 libkopenafs1 libafsauthent1
libafsrpc1 libopenafs-dev openafs-modules-source openafs-modules-dkms
libpam-openafs-kaserver openafs-dbg
Architecture: source i386 all
Version: 1.6.0~pre4-1
Distribution: unstable
Urgency: low
Maintainer: Russ Allbery <[email protected]>
Changed-By: Russ Allbery <[email protected]>
Description:
libafsauthent1 - AFS distributed file system runtime library (authentication)
libafsrpc1 - AFS distributed file system runtime library (RPC layer)
libkopenafs1 - AFS distributed file system runtime library (PAGs)
libopenafs-dev - AFS distributed filesystem development libraries
libpam-openafs-kaserver - AFS distributed filesystem kaserver PAM module
openafs-client - AFS distributed filesystem client support
openafs-dbg - AFS distributed filesystem debugging information
openafs-dbserver - AFS distributed filesystem database server
openafs-doc - AFS distributed filesystem documentation
openafs-fileserver - AFS distributed filesystem file server
openafs-fuse - AFS distributed file system experimental FUSE client
openafs-kpasswd - AFS distributed filesystem old password changing
openafs-krb5 - AFS distributed filesystem Kerberos 5 integration
openafs-modules-dkms - AFS distributed filesystem kernel module DKMS source
openafs-modules-source - AFS distributed filesystem kernel module source
Closes: 612608
Changes:
openafs (1.6.0~pre4-1) unstable; urgency=low
.
* Upload to unstable.
* New upstream prerelease.
- Fix file descriptor leak in the file server that could result in
corrupted files.
- Properly support large volume numbers.
- Document current client setuid behavior. (Closes: #612608)
- Allow salvager to be run manually with demand-attach servers.
- Properly report setpag() errors.
* Apply upstream deltas:
- [1e322b88] Linux: 2.6.39: deal with BKL removal
- [a8aa6f42] Linux: 2.6.39: replace path_lookup with kern_path
* Declare optional dependencies in the openafs-client init script on
openafs-fileserver so that, if the same host is running both a
fileserver and a client, the fileserver starts before and stops after
the client.
Checksums-Sha1:
941f95591040b8a17b78a6cfb4f7dd4c8913f33e 1998 openafs_1.6.0~pre4-1.dsc
2668d416421d60bc600d2439d096a9f2cec9de6f 9067334 openafs_1.6.0~pre4.orig.tar.gz
db10468ec61f8519e5c3bb70ee59aeefb2718702 144019 openafs_1.6.0~pre4-1.diff.gz
e214facda5f4ce777e7f74da3a1d313e60025621 3351292
openafs-client_1.6.0~pre4-1_i386.deb
09fa624df094c29082374c3d8cc076fd81cbb3c8 265380
openafs-fuse_1.6.0~pre4-1_i386.deb
85d8312aacef1ef9475ef571d2640b53feb0c532 288610
openafs-kpasswd_1.6.0~pre4-1_i386.deb
5a4f2620ff65d1841fcaac448f6c1aaad42c1e6d 2934006
openafs-fileserver_1.6.0~pre4-1_i386.deb
4f75a2d42a6ea086e078182183d5ff28785df7c7 667668
openafs-dbserver_1.6.0~pre4-1_i386.deb
89c18f19d80da56e8e868ec7ad204d96d2457d4a 4702674
openafs-doc_1.6.0~pre4-1_all.deb
dfe84e8504c1cd0c1f3d7b4f2497b1e0b671a503 314748
openafs-krb5_1.6.0~pre4-1_i386.deb
6ec99a56491d117765dc420ec848b9d95d8c38e4 75528
libkopenafs1_1.6.0~pre4-1_i386.deb
5036bcf0660d6c38107a4dc43745be71f580f2a3 142732
libafsauthent1_1.6.0~pre4-1_i386.deb
c56804ca721cc3a0ccf7a3429e3f27331fc5c741 202086
libafsrpc1_1.6.0~pre4-1_i386.deb
2d98c3165c26b5f5c5e830667797fcc8b90c2a93 2483798
libopenafs-dev_1.6.0~pre4-1_i386.deb
ea4c60a0be451520cceb4c04a90a72fe51079987 1097806
openafs-modules-source_1.6.0~pre4-1_all.deb
be1022009fff114b98846425616920cdfdde025a 1338744
openafs-modules-dkms_1.6.0~pre4-1_all.deb
3afccf0928d863d1d23cfd719283fd3efa5ddfe4 329180
libpam-openafs-kaserver_1.6.0~pre4-1_i386.deb
44be940c500870dfecdbbeb798a06bf5f262d0dd 6237496
openafs-dbg_1.6.0~pre4-1_i386.deb
Checksums-Sha256:
730a3f2e7526f63e363fbad8fe4707a368086dca26be624b4432cf7939b5008c 1998
openafs_1.6.0~pre4-1.dsc
b0ed4480103bef16f68afc6ad195e2413787a020c9732a7c6bc1b3cc9960a371 9067334
openafs_1.6.0~pre4.orig.tar.gz
54c0043da13963606b18619802fc586d398f82a7b3351bdc3318d905c5cff042 144019
openafs_1.6.0~pre4-1.diff.gz
ad167ca0157570bdc0bf9e6f8381381fffcdd3dd6038f43684b69a54caaa63a7 3351292
openafs-client_1.6.0~pre4-1_i386.deb
d9378028001aed46170d726188af7d3d805ba4e5e2c1de8bca2b523ee73fb6e0 265380
openafs-fuse_1.6.0~pre4-1_i386.deb
8e9775703729cb7c9a443f34ec7553225cd9b306da15145a53e01a2a03021873 288610
openafs-kpasswd_1.6.0~pre4-1_i386.deb
2e4818881f3d60047f7625ffb9c687065b4ecd968e3ae9e6258c1456457ed8da 2934006
openafs-fileserver_1.6.0~pre4-1_i386.deb
35b7807d116197a5f0b95c4c05fef8797f7c901b92a773429ab4e73c510d83ae 667668
openafs-dbserver_1.6.0~pre4-1_i386.deb
f2dde467ca8f39317ef91ba61d5e2b4361b6e8fc53d9760f236f3620a7b812e1 4702674
openafs-doc_1.6.0~pre4-1_all.deb
34bf48a5ffb46b3827856ff6654c49137b4a8b617d01f180b6b0b03b7164a7ae 314748
openafs-krb5_1.6.0~pre4-1_i386.deb
9a40393b9a1a979a7ab267ab16b1ef6a695d4ce18d472341dd64d89bcc3e22b8 75528
libkopenafs1_1.6.0~pre4-1_i386.deb
3519b6e75603eab7b8a48a9d7244fe87761526dabf1940bbb188df1e18097ba0 142732
libafsauthent1_1.6.0~pre4-1_i386.deb
57b91ecba58e44027e6a5c949aac6e1f8fba0a38a69896f3212ed9a41f5c0dab 202086
libafsrpc1_1.6.0~pre4-1_i386.deb
72918f9a8e9e34c695e9995175bf65febd821aea58ca5c443601e182f59f87c1 2483798
libopenafs-dev_1.6.0~pre4-1_i386.deb
eebbcbfeedf960bc6b99c4562e45581cae1e839e2fc1d140dede4463d16ab54f 1097806
openafs-modules-source_1.6.0~pre4-1_all.deb
361a4f53aa33590ccabdb3d13ebf98300be899b54f7a6abbdc5d00407fc2412a 1338744
openafs-modules-dkms_1.6.0~pre4-1_all.deb
941aa28b0da39eb40463b83e787afa402a054b3774a5b9c9e2408ff851cbc3ce 329180
libpam-openafs-kaserver_1.6.0~pre4-1_i386.deb
91ef25d984f92ebcb548626d8556f814495c211eba878fe8a45c3fbbc91c592d 6237496
openafs-dbg_1.6.0~pre4-1_i386.deb
Files:
0bebedcdadaa42a042d0658be83167a8 1998 net optional openafs_1.6.0~pre4-1.dsc
57d07040f2eeeb52489827b64954f0c3 9067334 net optional
openafs_1.6.0~pre4.orig.tar.gz
0b34809e5c0556fae2b9bfe352082afe 144019 net optional
openafs_1.6.0~pre4-1.diff.gz
7051a75c34e1db77aee2ae5142b910de 3351292 net optional
openafs-client_1.6.0~pre4-1_i386.deb
fe13a7962018f6f0ae979ef54da0fa81 265380 net extra
openafs-fuse_1.6.0~pre4-1_i386.deb
f996995d9ca04f703ff8f6e8927a7aad 288610 net extra
openafs-kpasswd_1.6.0~pre4-1_i386.deb
d842f0cab68023ea27b284bc2e8be18d 2934006 net optional
openafs-fileserver_1.6.0~pre4-1_i386.deb
2805afe9c45fedf809f2f82c9ba9cf3f 667668 net optional
openafs-dbserver_1.6.0~pre4-1_i386.deb
e1ac6266aa27f60f2981240a77f5d3be 4702674 doc optional
openafs-doc_1.6.0~pre4-1_all.deb
c2cb127bb599ce6f5a06b69231056ed4 314748 net optional
openafs-krb5_1.6.0~pre4-1_i386.deb
e671740977301bf00fe559de278eaa83 75528 libs optional
libkopenafs1_1.6.0~pre4-1_i386.deb
eb6acccd5fea1c4d6ebb76547e7ba753 142732 libs optional
libafsauthent1_1.6.0~pre4-1_i386.deb
19df264a63dc740e7f52880319d89dac 202086 libs optional
libafsrpc1_1.6.0~pre4-1_i386.deb
74479c4a18ce3df7345c76e26d2854bb 2483798 libdevel extra
libopenafs-dev_1.6.0~pre4-1_i386.deb
51f53c97da9b80969bfd9737570bd20e 1097806 kernel extra
openafs-modules-source_1.6.0~pre4-1_all.deb
f05f97b5bb1cae19e5d72e0da3840a7c 1338744 kernel extra
openafs-modules-dkms_1.6.0~pre4-1_all.deb
e98811874be4f94e26c2d27591870251 329180 admin extra
libpam-openafs-kaserver_1.6.0~pre4-1_i386.deb
488ecadce66cd376b5ad9c683681db7b 6237496 debug extra
openafs-dbg_1.6.0~pre4-1_i386.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
iQEcBAEBCAAGBQJNlQQKAAoJEH2AMVxXNt51pk8IAKapoA8JlWdf0b726yVpOpZ7
lPeQYkkDzIhI/LA7bhLFtqIxFXWNO9Dq5dNWe0PP/CbWDLlwJfWkCGZc7kVpYXHg
CZd1oPyRcI7VKtQwiJ1issLV5uZT4iWkIpJQNKYa2UDFUgnNdwPoB6FAWpJ746Ui
FKilflyBEpWgxolws/OFS+95H8dhkGKpxzYlqctm5Zo8XiDeMdBynrE7WkaZUFW4
rE3izbswOpB/ivrV+IB7u3DSicDWQ/E9SXZQqR1qHQdCTYhXTzYn8+wFeNuHnh1S
o9ymM1/9H08NC6PgG/T/90nFjlr7Z5WtQtEgUcMIHNI+7pdDeaaZxtHfMTHfnXg=
=RWy5
-----END PGP SIGNATURE-----
--- End Message ---
