Your message dated Sun, 13 Mar 2005 14:32:15 -0500
with message-id <[EMAIL PROTECTED]>
and subject line Bug#299339: fixed in fuse 2.2.1-1
has caused the attached Bug report to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere. Please contact me immediately.)
Debian bug tracking system administrator
(administrator, Debian Bugs database)
--------------------------------------
Received: (at submit) by bugs.debian.org; 13 Mar 2005 18:33:11 +0000
>From [EMAIL PROTECTED] Sun Mar 13 10:33:11 2005
Return-path: <[EMAIL PROTECTED]>
Received: from expredir2.cites.uiuc.edu [128.174.5.185]
by spohr.debian.org with esmtp (Exim 3.35 1 (Debian))
id 1DAXtm-0006Zc-00; Sun, 13 Mar 2005 10:33:10 -0800
Received: from Celda (far3044.urh.uiuc.edu [130.126.217.128])
by expredir2.cites.uiuc.edu (8.12.11/8.12.11) with ESMTP id
j2DIXAxr005526
for <[EMAIL PROTECTED]>; Sun, 13 Mar 2005 12:33:10 -0600 (CST)
Date: Sun, 13 Mar 2005 18:33:09 +0000
From: Timothy Brownawell <[EMAIL PROTECTED]>
Subject: "fusermount -u" can set arbitrary permissions on /etc/mtab
To: [EMAIL PROTECTED]
X-Mailer: Balsa 2.3.0
Message-Id: <[EMAIL PROTECTED]>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii; DelSp=Yes; Format=Flowed
Content-Disposition: inline
Content-Transfer-Encoding: 8bit
Delivered-To: [EMAIL PROTECTED]
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02
(1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Status: No, hits=-8.0 required=4.0 tests=BAYES_00,HAS_PACKAGE
autolearn=no version=2.60-bugs.debian.org_2005_01_02
X-Spam-Level:
Package: fuse-utils
Version: 2.2-3
Severity: critical
Tags: security
On unmount, fusermount doesn't reset the permissions on the new
/etc/mtab. It ends up having the permissions given in the user's umask,
and belonging to the user's group. This is fixed in upstream CVS.
[mount ~/mnt with any fuse filesystem]
$ umask 000
$ ls -l /etc/mtab
-rw-r--r-- 1 root root 419 2005-03-13 12:23 /etc/mtab
$ fusermount -u ~/mnt
$ ls -l /etc/mtab
-rw-rw-rw- 1 root timothy 358 2005-03-13 12:23 /etc/mtab
---------------------------------------
Received: (at 299339-close) by bugs.debian.org; 13 Mar 2005 19:38:23 +0000
>From [EMAIL PROTECTED] Sun Mar 13 11:38:22 2005
Return-path: <[EMAIL PROTECTED]>
Received: from newraff.debian.org [208.185.25.31] (mail)
by spohr.debian.org with esmtp (Exim 3.35 1 (Debian))
id 1DAYus-0007Gj-00; Sun, 13 Mar 2005 11:38:22 -0800
Received: from katie by newraff.debian.org with local (Exim 3.35 1 (Debian))
id 1DAYox-0005bk-00; Sun, 13 Mar 2005 14:32:15 -0500
From: Bartosz Fenski <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
X-Katie: $Revision: 1.55 $
Subject: Bug#299339: fixed in fuse 2.2.1-1
Message-Id: <[EMAIL PROTECTED]>
Sender: Archive Administrator <[EMAIL PROTECTED]>
Date: Sun, 13 Mar 2005 14:32:15 -0500
Delivered-To: [EMAIL PROTECTED]
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02
(1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Status: No, hits=-6.0 required=4.0 tests=BAYES_00,HAS_BUG_NUMBER
autolearn=no version=2.60-bugs.debian.org_2005_01_02
X-Spam-Level:
Source: fuse
Source-Version: 2.2.1-1
We believe that the bug you reported is fixed in the latest version of
fuse, which is due to be installed in the Debian FTP archive:
fuse-source_2.2.1-1_all.deb
to pool/main/f/fuse/fuse-source_2.2.1-1_all.deb
fuse-utils_2.2.1-1_i386.deb
to pool/main/f/fuse/fuse-utils_2.2.1-1_i386.deb
fuse_2.2.1-1.diff.gz
to pool/main/f/fuse/fuse_2.2.1-1.diff.gz
fuse_2.2.1-1.dsc
to pool/main/f/fuse/fuse_2.2.1-1.dsc
fuse_2.2.1.orig.tar.gz
to pool/main/f/fuse/fuse_2.2.1.orig.tar.gz
libfuse-dev_2.2.1-1_i386.deb
to pool/main/f/fuse/libfuse-dev_2.2.1-1_i386.deb
libfuse2_2.2.1-1_i386.deb
to pool/main/f/fuse/libfuse2_2.2.1-1_i386.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Bartosz Fenski <[EMAIL PROTECTED]> (supplier of updated fuse package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.7
Date: Sun, 13 Mar 2005 20:02:11 +0100
Source: fuse
Binary: libfuse2 libfuse-dev fuse-utils fuse-source
Architecture: source i386 all
Version: 2.2.1-1
Distribution: unstable
Urgency: high
Maintainer: Bartosz Fenski <[EMAIL PROTECTED]>
Changed-By: Bartosz Fenski <[EMAIL PROTECTED]>
Description:
fuse-source - Filesystem in USErspace (source for kernel module)
fuse-utils - Filesystem in USErspace (utilities)
libfuse-dev - Filesystem in USErspace (development files)
libfuse2 - Filesystem in USErspace library
Closes: 299339
Changes:
fuse (2.2.1-1) unstable; urgency=high
.
* New upstream bugfix release.
Urgency high due to security fix (Closes: #299339)
Files:
2190733a04b6d7f2474db8c02df24a81 625 libs extra fuse_2.2.1-1.dsc
250d89b9c7b6ecf531df60c67f75737d 355773 libs extra fuse_2.2.1.orig.tar.gz
928744f09c005e7c55f2b975f49f521c 7816 libs extra fuse_2.2.1-1.diff.gz
dd1729fbfba13d38527b8700308c2130 38116 utils extra fuse-utils_2.2.1-1_i386.deb
975e7e7f2f859eac72f0b6b1419ed258 52744 libdevel extra
libfuse-dev_2.2.1-1_i386.deb
725693e11bbadff4cebb61d307303842 31938 libs extra libfuse2_2.2.1-1_i386.deb
712867b7867e6d6204ac4a2ac1da2804 78474 utils extra fuse-source_2.2.1-1_all.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.0 (GNU/Linux)
iD8DBQFCNI/lhQui3hP+/EARAtMiAKCsDUY1y3xGW9je/JbYxGzuSHp3JwCgnHNE
PTOuUXnB3ZDZ8eADwo2xr3M=
=toA0
-----END PGP SIGNATURE-----
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
