Your message dated Sat, 14 Jan 2006 18:02:09 -0800
with message-id <[EMAIL PROTECTED]>
and subject line Bug#313084: fixed in dchroot 0.12
has caused the attached Bug report to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere.  Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)

--------------------------------------
Received: (at submit) by bugs.debian.org; 11 Jun 2005 19:12:07 +0000
>From [EMAIL PROTECTED] Sat Jun 11 12:12:07 2005
Return-path: <[EMAIL PROTECTED]>
Received: from s2.ukfsn.org (mail.ukfsn.org) [217.158.120.143] 
        by spohr.debian.org with esmtp (Exim 3.35 1 (Debian))
        id 1DhBOo-0004or-00; Sat, 11 Jun 2005 12:12:07 -0700
Received: from localhost (lucy.ukfsn.org [127.0.0.1])
        by mail.ukfsn.org (Postfix) with ESMTP
        id 5A649E6D9D; Sat, 11 Jun 2005 20:10:36 +0100 (BST)
Received: from mail.ukfsn.org ([127.0.0.1])
 by localhost (lucy.ukfsn.org [127.0.0.1]) (amavisd-new, port 10024)
 with ESMTP id 09980-02; Sat, 11 Jun 2005 20:10:36 +0100 (BST)
Received: from hardknott.home.whinlatter.ukfsn.org 
(dsl-80-41-4-72.access.as9105.com [80.41.4.72])
        by mail.ukfsn.org (Postfix) with ESMTP
        id 0EBE7E6D41; Sat, 11 Jun 2005 20:10:36 +0100 (BST)
Received: from rleigh by hardknott.home.whinlatter.ukfsn.org with local (Exim 
4.50)
        id 1DhBOO-0005Pq-0H; Sat, 11 Jun 2005 20:11:40 +0100
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
From: Roger Leigh <[EMAIL PROTECTED]>
To: Debian Bug Tracking System <[EMAIL PROTECTED]>
Subject: dchroot: Option '-c' could be exploited to crash the program or worse
X-Mailer: reportbug 3.12
Date: Sat, 11 Jun 2005 20:11:39 +0100
Message-Id: <[EMAIL PROTECTED]>
Delivered-To: [EMAIL PROTECTED]
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02 
        (1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Status: No, hits=-8.0 required=4.0 tests=BAYES_00,HAS_PACKAGE 
        autolearn=no version=2.60-bugs.debian.org_2005_01_02
X-Spam-Level: 

Package: dchroot
Version: 0.11
Severity: important

Option -c accesses argv[++index] without checking if the current index
is the last index (argc - 1).  If -c is the last index, this will
therefore be past the end of the argv array (most likely a NULL
pointer).

This is unlikely to be a security risk, but in a program like this
which is setuid root, a hand-coded getopt routine is a really bad
idea.  Please use the standard libc getopt() routine, which will
make your code simpler, more robust, and easier to audit.  getopt()
handles arguments and optional arguments automatically, so this
type of bug does not occur.


Regards,
Roger


-- System Information:
Debian Release: testing/unstable
  APT prefers unstable
  APT policy: (990, 'unstable')
Architecture: powerpc (ppc)
Shell:  /bin/sh linked to /bin/bash
Kernel: Linux 2.6.12-rc6
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8)

Versions of packages dchroot depends on:
ii  libc6                       2.3.2.ds1-22 GNU C Library: Shared libraries an

-- no debconf information
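
The unchecked `argv[++index]` pattern described in the report, next to the `getopt()` form it asks for. This is an added example, not dchroot's own code; the function names and the "default" fallback value are assumptions made for illustration.

```c
/* Added illustration, not dchroot source; function names are hypothetical. */
#define _POSIX_C_SOURCE 200809L
#include <stdio.h>
#include <string.h>
#include <unistd.h>

/* Pattern from the report: the argument after -c is taken with
 * argv[++i] and no check that i is already the last index (argc - 1). */
const char *chroot_name_handrolled(int argc, char **argv)
{
    const char *name = "default";
    for (int i = 1; i < argc; i++)
        if (strcmp(argv[i], "-c") == 0)
            name = argv[++i];   /* trailing -c: reads argv[argc], i.e. NULL */
    return name;
}

/* getopt() form: a missing argument is reported, never handed to the caller.
 * Returns 0 and sets *name on success, -1 on a usage error. */
int chroot_name_getopt(int argc, char **argv, const char **name)
{
    int opt;
    *name = "default";
    optind = 1;                 /* restart scanning so repeated calls work */
    opterr = 0;                 /* diagnostics are printed below instead */
    while ((opt = getopt(argc, argv, ":c:")) != -1) {
        switch (opt) {
        case 'c': *name = optarg; break;
        case ':': fprintf(stderr, "option -%c requires an argument\n", optopt);
                  return -1;
        default:  fprintf(stderr, "unknown option -%c\n", optopt);
                  return -1;
        }
    }
    return 0;
}

int main(void)
{
    char *bad[] = { "dchroot", "-c", NULL };   /* constructed input */
    const char *name;
    printf("hand-rolled: %s\n",
           chroot_name_handrolled(2, bad) ? "name set" : "NULL name");
    printf("getopt: %d\n", chroot_name_getopt(2, bad, &name));
    return 0;
}
```

With a trailing `-c`, the hand-rolled parser hands a NULL chroot name to whatever code uses it next, while the `getopt()` version returns a usage error before any of that code runs.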

---------------------------------------
Received: (at 313084-close) by bugs.debian.org; 15 Jan 2006 02:11:39 +0000
>From [EMAIL PROTECTED] Sat Jan 14 18:11:39 2006
Return-path: <[EMAIL PROTECTED]>
Received: from katie by spohr.debian.org with local (Exim 4.50)
        id 1ExxDd-0001c4-2G; Sat, 14 Jan 2006 18:02:09 -0800
From: David Kimdon <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
X-Katie: $Revision: 1.65 $
Subject: Bug#313084: fixed in dchroot 0.12
Message-Id: <[EMAIL PROTECTED]>
Sender: Archive Administrator <[EMAIL PROTECTED]>
Date: Sat, 14 Jan 2006 18:02:09 -0800
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02 
        (1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Level: 
X-Spam-Status: No, hits=-6.0 required=4.0 tests=BAYES_00,HAS_BUG_NUMBER 
        autolearn=no version=2.60-bugs.debian.org_2005_01_02
X-CrossAssassin-Score: 2

Source: dchroot
Source-Version: 0.12

We believe that the bug you reported is fixed in the latest version of
dchroot, which is due to be installed in the Debian FTP archive:

dchroot_0.12.dsc
  to pool/main/d/dchroot/dchroot_0.12.dsc
dchroot_0.12.tar.gz
  to pool/main/d/dchroot/dchroot_0.12.tar.gz
dchroot_0.12_powerpc.deb
  to pool/main/d/dchroot/dchroot_0.12_powerpc.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
David Kimdon <[EMAIL PROTECTED]> (supplier of updated dchroot package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Sat, 14 Jan 2006 15:51:16 -0800
Source: dchroot
Binary: dchroot
Architecture: source powerpc
Version: 0.12
Distribution: unstable
Urgency: low
Maintainer: David Kimdon <[EMAIL PROTECTED]>
Changed-By: David Kimdon <[EMAIL PROTECTED]>
Description: 
 dchroot    - Execute commands under different root filesystems
Closes: 312387 313084 313085 340016
Changes: 
 dchroot (0.12) unstable; urgency=low
 .
   * Exit with an error if /etc/dchroot.conf is writable by all.
     (closes: #313085)
   * Use getopt() for argument processing (closes: #340016, #313084)
   * Add option to query availability of a chroot (closes: #312387)
   * Update to non-deprecated debhelper compatability 4 (DH_COMPAT).
Files: 
 27a915997ec4f79cd8e4957d41bd4ce5 498 admin optional dchroot_0.12.dsc
 ea6b76c6bea7a0f219046a06752e79d7 20098 admin optional dchroot_0.12.tar.gz
 fab8ef68e60da6ca4baa08f9c61800ff 10558 admin optional dchroot_0.12_powerpc.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (GNU/Linux)

iD8DBQFDyarLST1m+6jv1gMRAs9DAKCYEiB6k8sbNldpH8ijW6HpTO3jHwCglJCk
RMbisqh9JhIfAj25YvnJ6Gs=
=v+6Y
-----END PGP SIGNATURE-----

