Your message dated Tue, 20 Dec 2005 11:17:25 -0800
with message-id <[EMAIL PROTECTED]>
and subject line Bug#324951: fixed in slocate 3.0.beta.r1-1
has caused the attached Bug report to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere. Please contact me immediately.)
Debian bug tracking system administrator
(administrator, Debian Bugs database)
--------------------------------------
Received: (at submit) by bugs.debian.org; 25 Aug 2005 02:22:45 +0000
>From [EMAIL PROTECTED] Wed Aug 24 19:22:44 2005
Return-path: <[EMAIL PROTECTED]>
Received: from kitenet.net [64.62.161.42] (postfix)
by spohr.debian.org with esmtp (Exim 3.36 1 (Debian))
id 1E87O8-0004KI-00; Wed, 24 Aug 2005 19:22:44 -0700
Received: from dragon.kitenet.net (cpe-66-207-84-92.wb.hsw.ntelos.net
[66.207.84.92])
(using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))
(Client CN "Joey Hess", Issuer "Joey Hess" (verified OK))
by kitenet.net (Postfix) with ESMTP id 1ADAE17E56
for <[EMAIL PROTECTED]>; Thu, 25 Aug 2005 02:22:27 +0000 (GMT)
Received: by dragon.kitenet.net (Postfix, from userid 1000)
id 2FD9F6E136; Wed, 24 Aug 2005 22:22:19 -0400 (EDT)
Date: Wed, 24 Aug 2005 22:22:19 -0400
From: Joey Hess <[EMAIL PROTECTED]>
To: Debian Bug Tracking System <[EMAIL PROTECTED]>
Subject: DOS via deep directory structure (CAN-2005-2499)
Message-ID: <[EMAIL PROTECTED]>
Mime-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha1;
protocol="application/pgp-signature"; boundary="5vNYLRcllDrimb99"
Content-Disposition: inline
X-Reportbug-Version: 3.16
User-Agent: Mutt/1.5.10i
Delivered-To: [EMAIL PROTECTED]
--5vNYLRcllDrimb99
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable
Package: slocate
Severity: important
Tags: security patch
CAN-2005-2499 describes a security hole in slocate:
slocate before 2.7 does not properly process very long paths, which allows
local users to cause a denial of service (updatedb exit and incomplete slocate
database) via a certain crafted directory structure.
Note that the "before 2.7" is wrong. Also, very little information about
the actual problem is available, the only technical information I could
find was inside the updated source package for slocate that Red Hat released,
which has this patch:
--- slocate-2.7/main.c.long 2005-08-09 01:04:39.000000000 +0200
+++ slocate-2.7/main.c 2005-08-09 01:08:51.000000000 +0200
@@ -1078,8 +1078,12 @@
=09
if (!file)
break;
- =09
- if (file->fts_info !=3D FTS_DP && file->fts_info !=3D FTS_NS) {
+
+ /* fts_read () from glibc fails with EOVERFLOW when fts_pathlen
+ would overflow the u_short file->fts_pathlen. */
+ if (file->fts_info =3D=3D FTS_D && file->fts_pathlen > 32768)
+ fts_set(dir,file,FTS_SKIP);
+ else if (file->fts_info !=3D FTS_DP && file->fts_info !=3D
FTS_NS) {
=09
if ((EXCLUDE && !match_exclude(file->fts_path,"")) ||
!EXCLUDE)
frcode(fd,file->fts_path,"");
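Review bot: the new FTS_SKIP branch (`file->fts_info == FTS_D && file->fts_pathlen > 32768`) prunes the subtree without any diagnostic, so updatedb finishes normally and nothing tells the administrator that the database is incomplete; print a warning naming `file->fts_path` before calling `fts_set()`. The literal 32768 should be a named constant with a comment tying it to the u_short limit, since the added comment explains the overflow but not why the cut-off sits at this value. The return value of `fts_set()` is ignored, and because the existing test became an `else if`, the over-long directory itself is no longer passed to `frcode()`; the comment should say whether that is intended.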
If I read this right this patch still allows hiding files deep in a
directory hierarchy where slocate will give up looking for them, which
could be construed as a security risk if root expects to be able to use
slocate to find all of a user's files. However, that is apparently
better than the existing failure mode if no size checking is done.
-- System Information:
Debian Release: testing/unstable
APT prefers unstable
APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: i386 (i686)
Shell: /bin/sh linked to /bin/bash
Kernel: Linux 2.4.27
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
-- 
see shy jo
--5vNYLRcllDrimb99
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: Digital signature
Content-Disposition: inline
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)
iD8DBQFDDStad8HHehbQuO8RAp+9AKCvmjYWwTph5aFSuko9MLahzAL4mACgmE6E
QMkzmrtEjx5n3pkh9Fxxlak=
=FdaX
-----END PGP SIGNATURE-----
--5vNYLRcllDrimb99--
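Added example (not part of the original report, the Red Hat patch, or slocate): a small fts(3) walker that applies the patch's pruning condition and lists the directories below which nothing would be indexed, which is the gap the report describes. The function name `audit_skipped` and its `limit` parameter are assumptions; 32768 is the value taken from the patch.

```c
#define _DEFAULT_SOURCE            /* u_short and fts(3) declarations on glibc */
#include <sys/types.h>
#include <sys/stat.h>
#include <errno.h>
#include <fts.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical helper: walk `root` with the same pruning rule as the patch
 * (an FTS_D entry whose fts_pathlen exceeds `limit` gets FTS_SKIP) and report
 * each pruned directory. Returns the number of pruned subtrees, -1 on error. */
int audit_skipped(const char *root, size_t limit, FILE *report)
{
    char *const paths[] = { (char *)root, NULL };
    FTS *dir = fts_open(paths, FTS_PHYSICAL | FTS_NOCHDIR, NULL);
    FTSENT *file;
    int pruned = 0, saved;

    if (dir == NULL)
        return -1;
    while (errno = 0, (file = fts_read(dir)) != NULL) {
        if (file->fts_info == FTS_D && file->fts_pathlen > limit) {
            if (report != NULL)   /* print only the first 60 bytes of the path */
                fprintf(report, "not indexed below (%lu bytes): %.60s...\n",
                        (unsigned long)file->fts_pathlen, file->fts_path);
            if (fts_set(dir, file, FTS_SKIP) != 0)
                break;            /* errno is set; handled after the loop */
            pruned++;
        }
    }
    /* fts_read() leaves errno == 0 at a normal end of the walk; anything else
     * (EOVERFLOW, for instance) means the walk stopped early. */
    saved = errno;
    fts_close(dir);
    errno = saved;
    return saved ? -1 : pruned;
}

int main(int argc, char **argv)
{
    size_t limit = argc > 2 ? strtoul(argv[2], NULL, 10) : 32768; /* patch value */
    int n = audit_skipped(argc > 1 ? argv[1] : ".", limit, stdout);
    if (n < 0) { fprintf(stderr, "walk failed: %s\n", strerror(errno)); return 2; }
    printf("%d subtree(s) would be missing from the database\n", n);
    return n > 0;
}
```

The exit status is 1 when at least one subtree would be pruned, so the check can run from cron next to updatedb.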
---------------------------------------
Received: (at 324951-close) by bugs.debian.org; 20 Dec 2005 19:21:29 +0000
>From [EMAIL PROTECTED] Tue Dec 20 11:21:29 2005
Return-path: <[EMAIL PROTECTED]>
Received: from katie by spohr.debian.org with local (Exim 4.50)
id 1EomzF-0003vP-Gg; Tue, 20 Dec 2005 11:17:25 -0800
From: Kevin Lindsay <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
X-Katie: $Revision: 1.65 $
Subject: Bug#324951: fixed in slocate 3.0.beta.r1-1
Message-Id: <[EMAIL PROTECTED]>
Sender: Archive Administrator <[EMAIL PROTECTED]>
Date: Tue, 20 Dec 2005 11:17:25 -0800
Source: slocate
Source-Version: 3.0.beta.r1-1
We believe that the bug you reported is fixed in the latest version of
slocate, which is due to be installed in the Debian FTP archive:
slocate_3.0.beta.r1-1.diff.gz
to pool/main/s/slocate/slocate_3.0.beta.r1-1.diff.gz
slocate_3.0.beta.r1-1.dsc
to pool/main/s/slocate/slocate_3.0.beta.r1-1.dsc
slocate_3.0.beta.r1-1_i386.deb
to pool/main/s/slocate/slocate_3.0.beta.r1-1_i386.deb
slocate_3.0.beta.r1.orig.tar.gz
to pool/main/s/slocate/slocate_3.0.beta.r1.orig.tar.gz
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Kevin Lindsay <[EMAIL PROTECTED]> (supplier of updated slocate package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.7
Date: Wed, 19 Dec 2005 21:54:52 -0800
Source: slocate
Binary: slocate
Architecture: source i386
Version: 3.0.beta.r1-1
Distribution: unstable
Urgency: low
Maintainer: Kevin Lindsay <[EMAIL PROTECTED]>
Changed-By: Kevin Lindsay <[EMAIL PROTECTED]>
Description:
slocate - Secure replacement of findutil's locate
Closes: 159235 217608 229198 266530 271695 272131 274538 296033 300760 300778
324951 338652
Changes:
slocate (3.0.beta.r1-1) unstable; urgency=low
.
* New release. 3.0 beta r1. This is a complete redesign/rewrite.
* Closes: #300760, #159235, #300778, #338652, #217608, #324951, #266530
* Closes: #271695, #272131
* Closes: #274538 . updatedb will not print an error message if no database
exists.
* Closes: #296033 . Renamed DEBUG to SL_DEBUG.
* Closes: #229198
Files:
13bbfa56905568d2f366ecb115da2461 580 utils optional slocate_3.0.beta.r1-1.dsc
a5b5a133263727a7f23f8076b03293c8 35888 utils optional
slocate_3.0.beta.r1.orig.tar.gz
df05b89f555a99174feacc499e294f64 20 utils optional
slocate_3.0.beta.r1-1.diff.gz
5d66d5d376100436d6d53063a27f03a0 29004 utils optional
slocate_3.0.beta.r1-1_i386.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (GNU/Linux)
iD8DBQFDp7/UUZpV8HRsUfQRAiD/AJ0S3ikNtoWIF83xbiJjlEeTY7BpaQCg55TS
fnJ/EEf8Ehm6T/FXe7/n+mY=
=X5g+
-----END PGP SIGNATURE-----