Your message dated Wed, 28 Dec 2005 21:24:07 -0800
with message-id <[EMAIL PROTECTED]>
and subject line Bug#324951: reopen
has caused the attached Bug report to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere. Please contact me immediately.)
Debian bug tracking system administrator
(administrator, Debian Bugs database)
--------------------------------------
Date: Wed, 24 Aug 2005 22:22:19 -0400
From: Joey Hess <[EMAIL PROTECTED]>
To: Debian Bug Tracking System <[EMAIL PROTECTED]>
Subject: DOS via deep directory structure (CAN-2005-2499)
Package: slocate
Severity: important
Tags: security patch
CAN-2005-2499 describes a security hole in slocate:
slocate before 2.7 does not properly process very long paths, which allows
local users to cause a denial of service (updatedb exit and incomplete slocate
database) via a certain crafted directory structure.
Note that the "before 2.7" is wrong. Also, very little information about
the actual problem is available, the only technical information I could
find was inside the updated source package for slocate that Red Hat released,
which has this patch:
--- slocate-2.7/main.c.long 2005-08-09 01:04:39.000000000 +0200
+++ slocate-2.7/main.c 2005-08-09 01:08:51.000000000 +0200
@@ -1078,8 +1078,12 @@
=09
if (!file)
break;
- =09
- if (file->fts_info !=3D FTS_DP && file->fts_info !=3D FTS_NS) {
+
+ /* fts_read () from glibc fails with EOVERFLOW when fts_pathlen
+ would overflow the u_short file->fts_pathlen. */
+ if (file->fts_info =3D=3D FTS_D && file->fts_pathlen > 32768)
+ fts_set(dir,file,FTS_SKIP);
+ else if (file->fts_info !=3D FTS_DP && file->fts_info !=3D
FTS_NS) {
=09
if ((EXCLUDE && !match_exclude(file->fts_path,"")) ||
!EXCLUDE)
frcode(fd,file->fts_path,"");
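Review bot: The new FTS_SKIP branch (file->fts_info == FTS_D && file->fts_pathlen > 32768) cuts the subtree off without any diagnostic, and because the indexing code now sits in the else if, the over-long directory itself never reaches frcode() either, so the database ends up incomplete with no record of where the walk was cut. Suggest emitting a warning that includes file->fts_path before fts_set(dir,file,FTS_SKIP) so the operator can see which trees were left out. The literal 32768 should be a named constant, and the comment should say why the cut-off is that value when it speaks of overflowing a u_short.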
If I read this right this patch still allows hiding files deep in a
directory hierarchy where slocate will give up looking for them, which
could be construed as a security risk if root expects to be able to use
slocate to find all of a user's files. However, that is apparently
better than the existing failure mode if no size checking is done.
-- System Information:
Debian Release: testing/unstable
APT prefers unstable
APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: i386 (i686)
Shell: /bin/sh linked to /bin/bash
Kernel: Linux 2.4.27
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
-- 
see shy jo
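
The concern in the message above, that the length check leaves subtrees unindexed without a trace, can be checked from the administrator's side. The C program below is an added example, not part of the original message or of slocate: it walks a tree with fts(3) and reports every directory the patch's condition would skip. `audit_skipped`, its `limit` parameter and `make_sample_tree` (which builds a constructed sample tree under /tmp) are hypothetical names.

```c
#define _DEFAULT_SOURCE
#include <sys/types.h>
#include <sys/stat.h>
#include <fts.h>
#include <stdio.h>
#include <stdlib.h>

/* Walk root the way the patched loop does, but report each directory whose
 * path is longer than limit instead of dropping it without a trace.
 * Returns the number of subtrees skipped, or -1 if the walk cannot start. */
int audit_skipped(const char *root, size_t limit, FILE *report)
{
    char *roots[] = { (char *)root, NULL };
    FTS *dir = fts_open(roots, FTS_PHYSICAL, NULL);
    FTSENT *file;
    int skipped = 0;

    if (!dir) return -1;
    while ((file = fts_read(dir)) != NULL) {
        if (file->fts_info == FTS_D && file->fts_pathlen > limit) {
            fprintf(report, "not indexed below (len %u): %s\n",
                    (unsigned)file->fts_pathlen, file->fts_path);
            fts_set(dir, file, FTS_SKIP);   /* same action as the patch */
            skipped++;
        }
    }
    fts_close(dir);
    return skipped;
}

/* Constructed sample input: <base>/a/bb/ccc and <base>/dddddd in a fresh
 * temp directory whose path is 19 characters long. Returns base or NULL. */
const char *make_sample_tree(void)
{
    static const char *subdirs[] = { "/a", "/a/bb", "/a/bb/ccc", "/dddddd" };
    static char base[32];
    char path[64];

    snprintf(base, sizeof base, "/tmp/ftsauditXXXXXX");
    if (!mkdtemp(base)) return NULL;
    for (size_t i = 0; i < sizeof subdirs / sizeof subdirs[0]; i++) {
        snprintf(path, sizeof path, "%s%s", base, subdirs[i]);
        if (mkdir(path, 0700) != 0) return NULL;
    }
    return base;
}

int main(int argc, char **argv)
{   /* 32768 is the threshold used in the patch quoted above */
    return audit_skipped(argc > 1 ? argv[1] : ".", 32768, stderr) < 0;
}
```

Run as root over the file systems updatedb indexes, the report lists the directories below which a database built with the patched check holds no entries.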
---------------------------------------
Date: Wed, 28 Dec 2005 21:24:07 -0800
From: Kevin Lindsay <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Cc: Bastian Blank <[EMAIL PROTECTED]>
Subject: Re: Bug#324951: reopen
Please read the bug report thread.
Kevin-
On Sat, Dec 24, 2005 at 01:43:26PM +0100, Bastian Blank wrote:
> reopen 300760
> reopen 159235
> reopen 300778
> reopen 338652
> reopen 217608
> reopen 324951
> reopen 266530
> reopen 271695
> reopen 272131
> reopen 229198
> thanks
>
> These bugs were closed without solution:
>
> | * Closes: #300760, #159235, #300778, #338652, #217608, #324951, #266530
> | * Closes: #271695, #272131
> | * Closes: #229198
>
> Bastian
>
> -- 
> There's another way to survive. Mutual trust -- and help.
> -- Kirk, "Day of the Dove", stardate unknown
>
--
Kevin Lindsay <[EMAIL PROTECTED]>
PGP Key Id: 746C51F4