Renan, I can write in Portuguese, right?

My name is Bruno; I am the maintainer of the apollon package for the Debian
distribution.

I believe the problem is not really a bug; I think the gift configuration has
problems. Run a test: take another gift client (giFTcurs, gifToxic etc...) and
see whether the downloads made by one user end up in another user's shared
folder. If that happens, it really is a gift problem. I'm waiting, haha.

See you.



=================
>From: Renan Melhado <[EMAIL PROTECTED]>
>To: Debian Bug Tracking System <[EMAIL PROTECTED]>
>Subject: Bug#305571: possible privilege escalation in apollon download
>
>Package: apollon
>Version: 1.0.1-2
>Severity: normal
>
>I don't know if this is a bug on Apollon or gift, sorry if I've reported
>this to the wrong package.
>
>Well, I have a desktop computer, that is shared with my family (dad,
>sister, etc...) and each member of my family has a different login and
>password at the system. So, no user has permission to read/write/view
>anything on other user's /home folder.
>
>The problem begins that many files that other user gets on Apollon, it
>goes to the shared folder of MY user, that the user hasn't permissions
>to do nothing! The same occurs with many files that I get with my user,
>many files that are downloading goes to the shared folder of other user
>of pc, that my user don't have any permissions to do it, and the file
>doesn't go to the shared folder configured in Apollon to MY user, it
>goes to the shared folder of OTHER USER.
>
>And, another problem related with this, is that all downloading files or
>downloaded files done by my user, are visible to other users when they
>open Apollon.
>
>I've already checked and revised all user permissions at my system, and
>the problem doesn't go away. So, it's very probably to be a serious
>vulnerability in Apollon/giFT or, less probably, a serious Kernel bug of
>privileges escalation.
>
>-- System Information:
>Debian Release: 3.1
>  APT prefers testing
>  APT policy: (500, 'testing')
>Architecture: i386 (i686)
>Kernel: Linux 2.6.8-2-386
>Locale: LANG=pt_BR, LC_CTYPE=pt_BR (charmap=ISO-8859-1)
>
>Versions of packages apollon depends on:
>ii  kdelibs4             4:3.3.2-4.0.2       KDE core libraries
>ii  libart-2.0-2         2.3.17-1            Library of functions for 2D graphi
>ii  libaudio2            1.7-2               The Network Audio System (NAS). (s
>ii  libc6                2.3.2.ds1-20        GNU C Library: Shared libraries an
>ii  libfam0c102          2.7.0-6             client library to control the FAM
>ii  libfontconfig1       2.3.1-2             generic font configuration library
>ii  libfreetype6         2.1.7-2.3           FreeType 2 font engine, shared lib
>ii  libgcc1              1:3.4.3-6           GCC support library
>ii  libgift0             0.11.8.1-1          helper library for various giFT co
>ii  libice6              4.3.0.dfsg.1-10     Inter-Client Exchange library
>ii  libidn11             0.5.13-1.0          GNU libidn library, implementation
>ii  libpng12-0           1.2.8rel-1          PNG library - runtime
>ii  libqt3c102-mt        3:3.3.4-2           Qt GUI Library (Threaded runtime v
>ii  libsm6               4.3.0.dfsg.1-12.0.1 X Window System Session Management
>ii  libstdc++5           1:3.3.5-8           The GNU Standard C++ Library v3
>ii  libx11-6             4.3.0.dfsg.1-10     X Window System protocol client li
>ii  libxcursor1          1.1.3-1             X cursor management library
>ii  libxext6             4.3.0.dfsg.1-10     X Window System miscellaneous exte
>ii  libxft2              2.1.2-6             FreeType-based font drawing librar
>ii  libxrandr2           4.3.0.dfsg.1-10     X Window System Resize, Rotate and
>ii  libxrender1          0.8.3-7             X Rendering Extension client libra
>ii  libxt6               4.3.0.dfsg.1-10     X Toolkit Intrinsics
>ii  xlibs                4.3.0.dfsg.1-12     X Keyboard Extension (XKB) configu
>ii  zlib1g               1:1.2.2-3           compression library - runtime
>
>-- no debconf information




