Your message dated Wed, 04 May 2005 04:02:37 -0400 with message-id <[EMAIL PROTECTED]> and subject line Bug#303300: fixed in bzip2 1.0.2-6 has caused the attached Bug report to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what I am talking about this indicates a serious mail system misconfiguration somewhere. Please contact me immediately.) Debian bug tracking system administrator (administrator, Debian Bugs database) -------------------------------------- Received: (at submit) by bugs.debian.org; 5 Apr 2005 21:56:10 +0000 >From [EMAIL PROTECTED] Tue Apr 05 14:56:10 2005 Return-path: <[EMAIL PROTECTED]> Received: from kitenet.net [64.62.161.42] (postfix) by spohr.debian.org with esmtp (Exim 3.35 1 (Debian)) id 1DIw1q-0004Mg-00; Tue, 05 Apr 2005 14:56:10 -0700 Received: from dragon.kitenet.net (unknown [66.168.94.177]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (Client CN "Joey Hess", Issuer "Joey Hess" (verified OK)) by kitenet.net (Postfix) with ESMTP id B672E18006 for <[EMAIL PROTECTED]>; Tue, 5 Apr 2005 21:56:08 +0000 (GMT) Received: by dragon.kitenet.net (Postfix, from userid 1000) id 762166E28F; Tue, 5 Apr 2005 17:59:06 -0400 (EDT) Date: Tue, 5 Apr 2005 17:59:05 -0400 From: Joey Hess <[EMAIL PROTECTED]> To: Debian Bug Tracking System <[EMAIL PROTECTED]> Subject: file permissions modification race (CAN-2005-0953) Message-ID: <[EMAIL PROTECTED]> Mime-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="FL5UXtIhxfXey3p5" Content-Disposition: inline X-Reportbug-Version: 3.9 User-Agent: Mutt/1.5.8i Delivered-To: [EMAIL PROTECTED] X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02 (1.212-2003-09-23-exp) on spohr.debian.org X-Spam-Status: No, hits=-8.0 required=4.0 tests=BAYES_00,HAS_PACKAGE autolearn=no version=2.60-bugs.debian.org_2005_01_02 X-Spam-Level: --FL5UXtIhxfXey3p5 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable Package: bzip2 Version: 1.0.2-5 Severity: normal Tags: security According to http://marc.theaimsgroup.com/?l=3Dbugtraq&m=3D111229375217633&w=3D2: If a malicious local user has write access to a directory in which a target user is using bzip2 to extract or compress a file to then a TOCTOU bug can be exploited to change the permission of any file belonging to that user. On decompressing bzip2 copies the permissions from the compressed bzip2 file to the uncompressed file. However there is a gap between the uncompressed file being written (and it's file handler being close) and the permissions of the file being changed. During this gap a malicious user can remove the decompressed file and replace it with a hard-link to another file belonging to the user. bzip2 will then change the permissions on the hard-linked file to be the same as that of the bzip2 file. This is a low impact security hole as it requires a local user to exploit a race, and bzip2 must be run in a directory that the attacker can write to (and +t directories probably don't work), and all you can do is change a file permissions.=20 If you fix this hole, please refer to CAN-2005-0953 in your changelog. -- System Information: Debian Release: 3.1 APT prefers unstable APT policy: (500, 'unstable') Architecture: i386 (i686) Kernel: Linux 2.4.27 Locale: LANG=3Den_US.UTF-8, LC_CTYPE=3Den_US.UTF-8 (charmap=3DUTF-8) Versions of packages bzip2 depends on: ii libbz2-1.0 1.0.2-5 high-quality block-sorting fil= e co ii libc6 2.3.2.ds1-20 GNU C Library: Shared librarie= s an -- no debconf information --=20 see shy jo --FL5UXtIhxfXey3p5 Content-Type: application/pgp-signature; name="signature.asc" Content-Description: Digital signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.0 (GNU/Linux) iD8DBQFCUwopd8HHehbQuO8RAhnfAJ4g7Eg/vVwNZ5QglR3Hj0pjCLv2EwCgoHNl n+iQxlNnoMWQaieV69NZ9UU= =/2Yv -----END PGP SIGNATURE----- --FL5UXtIhxfXey3p5-- --------------------------------------- Received: (at 303300-close) by bugs.debian.org; 4 May 2005 08:12:37 +0000 >From [EMAIL PROTECTED] Wed May 04 01:12:37 2005 Return-path: <[EMAIL PROTECTED]> Received: from newraff.debian.org [208.185.25.31] (mail) by spohr.debian.org with esmtp (Exim 3.35 1 (Debian)) id 1DTEzl-0001ul-00; Wed, 04 May 2005 01:12:37 -0700 Received: from katie by newraff.debian.org with local (Exim 3.35 1 (Debian)) id 1DTEq5-0005N6-00; Wed, 04 May 2005 04:02:37 -0400 From: Anibal Monsalve Salazar <[EMAIL PROTECTED]> To: [EMAIL PROTECTED] X-Katie: $Revision: 1.55 $ Subject: Bug#303300: fixed in bzip2 1.0.2-6 Message-Id: <[EMAIL PROTECTED]> Sender: Archive Administrator <[EMAIL PROTECTED]> Date: Wed, 04 May 2005 04:02:37 -0400 Delivered-To: [EMAIL PROTECTED] X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02 (1.212-2003-09-23-exp) on spohr.debian.org X-Spam-Status: No, hits=-6.0 required=4.0 tests=BAYES_00,HAS_BUG_NUMBER autolearn=no version=2.60-bugs.debian.org_2005_01_02 X-Spam-Level: Source: bzip2 Source-Version: 1.0.2-6 We believe that the bug you reported is fixed in the latest version of bzip2, which is due to be installed in the Debian FTP archive: bzip2_1.0.2-6.diff.gz to pool/main/b/bzip2/bzip2_1.0.2-6.diff.gz bzip2_1.0.2-6.dsc to pool/main/b/bzip2/bzip2_1.0.2-6.dsc bzip2_1.0.2-6_i386.deb to pool/main/b/bzip2/bzip2_1.0.2-6_i386.deb libbz2-1.0_1.0.2-6_i386.deb to pool/main/b/bzip2/libbz2-1.0_1.0.2-6_i386.deb libbz2-dev_1.0.2-6_i386.deb to pool/main/b/bzip2/libbz2-dev_1.0.2-6_i386.deb A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to [EMAIL PROTECTED], and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Anibal Monsalve Salazar <[EMAIL PROTECTED]> (supplier of updated bzip2 package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing [EMAIL PROTECTED]) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Format: 1.7 Date: Wed, 04 May 2005 17:13:20 +1000 Source: bzip2 Binary: libbz2-1.0 bzip2 libbz2-dev Architecture: source i386 Version: 1.0.2-6 Distribution: unstable Urgency: high Maintainer: Anibal Monsalve Salazar <[EMAIL PROTECTED]> Changed-By: Anibal Monsalve Salazar <[EMAIL PROTECTED]> Description: bzip2 - high-quality block-sorting file compressor - utilities libbz2-1.0 - high-quality block-sorting file compressor library - runtime libbz2-dev - high-quality block-sorting file compressor library - development Closes: 303300 Changes: bzip2 (1.0.2-6) unstable; urgency=high . * Fixed RC bug "file permissions modification race (CAN-2005-0953)", closes: #303300. Patch by Santiago Ruano Rincon <[EMAIL PROTECTED]>. Original patch available at http://marc.theaimsgroup.com/?l=bugtraq&m=111352423504277&w=2 Files: a74d3720114343270551736341bd40e0 577 utils standard bzip2_1.0.2-6.dsc 64713d0abd18a046cf5574c359cf92ae 13388 utils standard bzip2_1.0.2-6.diff.gz 78d10de9df81a254a6b5d568a094f2ad 38478 libs standard libbz2-1.0_1.0.2-6_i386.deb cab75a9f8e336237dc9253aac64ccc88 30232 libdevel optional libbz2-dev_1.0.2-6_i386.deb ee9afe41875f2ed2e82eccd8de98efd4 233228 utils optional bzip2_1.0.2-6_i386.deb -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.0 (GNU/Linux) iD8DBQFCeH4agY5NIXPNpFURAtqPAJ9izEld47sqGGtfdo5cr5p5AgX1SgCePbIT qM4bqXq6c+Jo4LWzgXJr2zo= =sj0G -----END PGP SIGNATURE----- -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]