Package: release.debian.org
Severity: normal
Tags: jessie wheezy
User: release.debian....@packages.debian.org
Usertags: pu

Dear Stable Release Managers,

I come to you with this request after discussion with the security
team. Because the issue I describe below only manifests itself upon database
upgrades, which are extremely rare in a stable release, they consider it more
appropriate for a SRU than for a DSA.

Recently a security issue¹ was reported against my package
dbconfig-common. dbconfig-common is a Debian helper package for packages that
require data in a database. The issue is that backups made by dbconfig-common
during updates that involve PostgreSQL databases end up in files that may be
readable by every user on the system (depending on the umask) because file
permissions are not properly enforced. The code sets the umask but only after
the file is created. The fix is simple: move the lines creating the files and
setting the ownership to after the change of the umask (see below the patch for
unstable).

Apart from fixing the issue for creation of new files, the original reporter
was suggesting to fix the permissions of already created files as well. What
would your opinion be on that matter? I haven't created a proper patch for that
yet, but it should simply chmod all the files in
/var/cache/dbconfig-common/backups during installation of dbconfig-common.

I will start to work on a proper debdiff, but I would appreciate knowing
whether I should include the fixing of existing files in it.

Paul
Current maintainer of dbconfig-common

¹ https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=805638

- --- /usr/share/dbconfig-common/internal/pgsql.orig    2014-11-02
21:54:07.000000000 +0100
+++ /usr/share/dbconfig-common/internal/pgsql   2015-11-21
13:49:04.863637686 +0100
@@ -174,14 +174,14 @@
        local extra retval PGSSLMODE localuser _dbc_asuser dumpfile old_umask
        dumpfile=$1
        localuser=`_dbc_psql_local_username`
- -     touch $dumpfile
- -     chown $localuser $dumpfile
        PGSSLMODE="prefer"
        retval=0
        _dbc_psql_cmd_setup
        if [ "$dbc_ssl" ]; then PGSSLMODE="require"; fi
        old_umask=`umask`
        umask 0066
+       touch $dumpfile
+       chown $localuser $dumpfile
        extra=`_dbc_psql_cmd_args`
        extra="-f \"$dumpfile\" $extra"
        _dbc_debug "su -s /bin/sh $localuser -c \"env
HOME='$_dbc_pgsql_tmpdir' PGPASSFILE='$_dbc_pgsql_tmpdir/.pgpass'
PGSSLMODE='$PGSSLMODE' pg_dump $extra $dbc_dbname\" 2>&1"
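
Review bot: At the relocated `touch $dumpfile` / `chown $localuser $dumpfile` lines, the restrictive mode depends entirely on `touch` creating the file: `umask 0066` only applies to newly created files, so if `$dumpfile` already exists with looser permissions its mode is left unchanged. Consider adding an explicit `chmod 600 "$dumpfile"` after the `touch`, and quoting `$dumpfile` and `$localuser` in both commands, as the `-f \"$dumpfile\"` argument a few lines below already does.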

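
The following is an added example, not part of the original message or of dbconfig-common's code. It reproduces the ordering problem described above (file created before versus after `umask 0066`) and shows one way to tighten files that already exist in a backup directory. The function names and the temporary directory are assumptions made for illustration.

```shell
#!/bin/sh
# Added illustration: function names are hypothetical and the directory is a
# constructed temporary one, not /var/cache/dbconfig-common/backups.

# Print the octal permission bits of a file (GNU stat, with a BSD fallback).
file_mode() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# Old ordering: the file is created under the ambient umask ($2); the later
# umask change has no effect on a file that already exists.
create_then_umask() (
    umask "$2"
    touch "$1"
    umask 0066
    file_mode "$1"
)

# Patched ordering: the umask is tightened first, so touch creates the file
# without group/other read or write access.
umask_then_create() (
    umask "$2"
    umask 0066
    touch "$1"
    file_mode "$1"
)

# Remediation for files created by the old ordering: remove all group/other
# access from regular files below the directory. find does not follow
# symlinks here, so only real files in the tree are changed.
tighten_backups() {
    find "$1" -type f -exec chmod go-rwx {} +
}

# Demo on a constructed temporary directory with an ambient umask of 0022.
demo_dir=$(mktemp -d)
echo "created before umask change: $(create_then_umask "$demo_dir/old.dump" 0022)"
echo "created after umask change:  $(umask_then_create "$demo_dir/new.dump" 0022)"
tighten_backups "$demo_dir"
echo "old file after remediation:  $(file_mode "$demo_dir/old.dump")"
rm -rf "$demo_dir"
```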