Martin, When I replied this bug, I was thinking to reply directly to him, I havent realized that it wold reply to the bug list too. Sorry.
I told him to check his giFT configs, ant to try to check if this happens with other clients. ================= >De:Martin Köbele <[EMAIL PROTECTED]> >Para:"brunocesar" <[EMAIL PROTECTED]>, [EMAIL PROTECTED] >Assunto:Bug#305571: possible privilege escalation in apollon download > >This doesn't help us when you write in your >language. English is still the >official language for mailing lists in general. >So I don't know whether you posted a solution or >a suggestion. > >Thanks. > >Martin >(Maintainer of Apollon) > >On April 21, 2005 13:29, brunocesar wrote: >> Renan, posso escrever em português certo? >> >> Meu nome é Bruno, eu sou o mantenedor do >pacote apollon p/ a distribuição >> Debian. >> >> Acredito que o problema não seja propriamente >um bug, acho que a >> configuração do gift esteja com problemas. >Faça um teste, pegue outro >> cliente de gift (giFTcurs, gifToxic etc...) e >veja se os downloads feitos >> por um usuário vai parar na pasta >compartilhada de outro. Caso isso >> aconteça é mesmo problema do gift. Estou >aguardando rsrs. >> >> Té mais. >> >> >> >> ================= >> >> >De:Renan Melhado <[EMAIL PROTECTED]> >> >Para:Debian Bug Tracking System ><[EMAIL PROTECTED]> >> >Assunto:Bug#305571: possible privilege >escalation in apollon download >> > >> >Package: apollon >> >Version: 1.0.1-2 >> >Severity: normal >> > >> >I don't know if this is a bug on Apollon or >> >gift, sorry if I've repoted >> >this to the wrong package. >> > >> >Well, I have a desktop computer, that is >shared >> >with my family (dad, >> >sister, etc...) and each member of my family >has >> >a different login and >> >password at the system. So, no user has >> >permission to read/write/view >> >anything on other user's /home folder. >> > >> >The problem begins that many files that other >> >user gets on Apollon, it >> >goes to the shared folder of MY user, that >the >> >user hasn't permissions >> >to do nothing! The same occurs with many >files >> >that I get with my user, >> >many files that are downloading goes to the >> >shared folder of other user >> >of pc, that my user don't have any >permissions >> >to do it, and the file >> >doesn't go to the shared folder configured in >> >Apollon to MY user, it >> >goes to the shared folder of OTHER USER. >> > >> >And, another problem related with this, is >that >> >all downloading files or >> >downloaded files done by my user, are visible >to >> >other users when they >> >open Apollon. >> > >> >I've already checked and revised all user >> >permissions at my system, and >> >the problem doesn't go away. So, it's very >> >probably to be a serious >> >vulnerability in Apollon/giFT or, less >probably, >> >a serious Kernel bug of >> >privileges escalation. >> > >> >-- System Information: >> >Debian Release: 3.1 >> > APT prefers testing >> > APT policy: (500, 'testing') >> >Architecture: i386 (i686) >> >Kernel: Linux 2.6.8-2-386 >> >Locale: LANG=pt_BR, LC_CTYPE=pt_BR >> >(charmap=ISO-8859-1) >> > >> >Versions of packages apollon depends on: >> >ii kdelibs4 4:3.3.2-4.0.2 >KDE >> >core libraries >> >ii libart-2.0-2 2.3.17-1 >> >Library of functions for 2D graphi >> >ii libaudio2 1.7-2 > The >> >Network Audio System (NAS). (s >> >ii libc6 2.3.2.ds1-20 >GNU >> >C Library: Shared libraries an >> >ii libfam0c102 2.7.0-6 >> >client library to control the FAM >> >ii libfontconfig1 2.3.1-2 >> >generic font configuration library >> >ii libfreetype6 2.1.7-2.3 >> >FreeType 2 font engine, shared lib >> >ii libgcc1 1:3.4.3-6 >GCC >> >support library >> >ii libgift0 0.11.8.1-1 >> >helper library for various giFT co >> >ii libice6 4.3.0.dfsg.1-10 >> >Inter-Client Exchange library >> >ii libidn11 0.5.13-1.0 >GNU >> >libidn library, implementation >> >ii libpng12-0 1.2.8rel-1 >PNG >> >library - runtime >> >ii libqt3c102-mt 3:3.3.4-2 Qt >> >GUI Library (Threaded runtime v >> >ii libsm6 4.3.0.dfsg.1-12.0.1 X >> >Window System Session Management >> >ii libstdc++5 1:3.3.5-8 >The >> >GNU Standard C++ Library v3 >> >ii libx11-6 4.3.0.dfsg.1-10 X >> >Window System protocol client li >> >ii libxcursor1 1.1.3-1 X >> >cursor management library >> >ii libxext6 4.3.0.dfsg.1-10 X >> >Window System miscellaneous exte >> >ii libxft2 2.1.2-6 >> >FreeType-based font drawing librar >> >ii libxrandr2 4.3.0.dfsg.1-10 X >> >Window System Resize, Rotate and >> >ii libxrender1 0.8.3-7 X >> >Rendering Extension client libra >> >ii libxt6 4.3.0.dfsg.1-10 X >> >Toolkit Intrinsics >> >ii xlibs 4.3.0.dfsg.1-12 X >> >Keyboard Extension (XKB) configu >> >ii zlib1g 1:1.2.2-3 >> >compression library - runtime >> > >> >-- no debconf information >> >> >________________________________________________ >____________________ ____________________________________________________________________ -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
