Bug#356939: marked as done (d-i/base-config can include sensative info in world-readable log files; needs cleanup by passwd)
Your message dated Wed, 30 Aug 2006 23:05:43 -0700 with message-id [EMAIL PROTECTED] and subject line Bug#356939: fixed in shadow 1:4.0.3-31sarge9 has caused the attached Bug report to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what I am talking about this indicates a serious mail system misconfiguration somewhere. Please contact me immediately.) Debian bug tracking system administrator (administrator, Debian Bugs database) ---BeginMessage--- Package: passwd, base-config Severity: grave Tags: security patch d-i The debian-installer team has determined that various sensative information may be leaked into world-readable log files during the Debian installation process (sarge, etch, sid [1]). This includes: - preseeded passwords for root and other users if a preseed file is being used for an automated install (via the debconf-seed log file in sarge, and the cdebconf database in etch (bug #356845)) - pppoeconf passwords in the base-config log file (bug #254068) - various other information about what software was installed on the system, and the configuration of the system Note that unlike the similar security issues that affected Ubuntu, root passwords are not leaked into the log files during regular, non-preseeded installs. The attached patches to passwd's postinst close these holes for already installed systems, by chmoding all affected log files to mode 600. There are two patches, one is against passwd 1:4.0.14-7 from unstable, and one is against passwd 1:4.0.3-31sarge5 from stable. I've also include a patch for base-confg in stable to do the same thing[2]. In combination with installation-report 2.13 (unstable), this will fix the issue in all circumstances. Note that passwd is not where this bug originated, and is only being involved in the fix because there is no better place to put the fix. Unfortunatly, in systems installed by the sarge installer, some of the affected log files are not owned by any particular package, so the fix has to go into an unrelated package that is installed/upgraded on every system. -- see shy jo [1] oldstable may also be vulnerable to the #254068 part of this issue, but I have not investigated it. [2] The passwd fix is needed to fix already installed systems on upgrade now, while the base-config fix is needed to secure systems installed after the passwd package is accepted into the next stable point release. diff -ur old/shadow-4.0.14/debian/changelog shadow-4.0.14/debian/changelog --- old/shadow-4.0.14/debian/changelog 2006-03-14 15:25:49.0 -0500 +++ shadow-4.0.14/debian/changelog 2006-03-14 16:13:19.0 -0500 @@ -1,3 +1,11 @@ +shadow (1:4.0.14-8) unstable; urgency=high + + * passwd.postinst: On upgrades from any prior version, chmod 600 various +base-config and d-i log files that might contain sensative information, +including in some cases, passwords. + + -- Joey Hess [EMAIL PROTECTED] Tue, 14 Mar 2006 16:12:11 -0500 + shadow (1:4.0.14-7) unstable; urgency=low * The Carré d'Aurillac release (let's stay in Cantal) diff -ur old/shadow-4.0.14/debian/passwd.postinst shadow-4.0.14/debian/passwd.postinst --- old/shadow-4.0.14/debian/passwd.postinst2006-03-14 15:25:49.0 -0500 +++ shadow-4.0.14/debian/passwd.postinst2006-03-14 16:22:36.0 -0500 @@ -4,6 +4,19 @@ case $1 in configure) +# Fix permissions on various log files from old versions of the debian +# installer, some unrelated to passwd but we decided to put the fix +# here since there was no better place. This can safely be removed +# after etch is released. +if dpkg --compare-versions $2 lt 1:4.0.14-8; then + for log in /var/log/base-config* \ + $(find /var/log/debian-installer/ /var/log/installer/ -type f 2/dev/null ); do + if [ -e $log ]; then + chmod 600 $log + fi +done +fi + rm -f /etc/pam.d/passwd.pre-upgrade 2/dev/null if ! getent group shadow | grep -q '^shadow:[^:]*:42' then diff -ur old/shadow-4.0.3/debian/changelog shadow-4.0.3/debian/changelog --- old/shadow-4.0.3/debian/changelog 2006-03-14 16:23:51.0 -0500 +++ shadow-4.0.3/debian/changelog 2006-03-14 16:16:25.0 -0500 @@ -1,3 +1,11 @@ +shadow (1:4.0.3-31sarge6) stable-security; urgency=high + + * passwd.postinst: On upgrades from any prior version, chmod 600 various +base-config and d-i log files that might contain sensative information, +including in some cases, passwords. + + -- Joey Hess [EMAIL PROTECTED] Tue, 14 Mar 2006 16:14:26 -0500 + shadow (1:4.0.3-31sarge5) testing-proposed-updates; urgency=high * Re-apply the
Bug#356939: marked as done (d-i/base-config can include sensative info in world-readable log files; needs cleanup by passwd)
Your message dated Wed, 15 Mar 2006 00:17:08 -0800 with message-id [EMAIL PROTECTED] and subject line Bug#356939: fixed in shadow 1:4.0.14-9 has caused the attached Bug report to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what I am talking about this indicates a serious mail system misconfiguration somewhere. Please contact me immediately.) Debian bug tracking system administrator (administrator, Debian Bugs database) ---BeginMessage--- Package: passwd, base-config Severity: grave Tags: security patch d-i The debian-installer team has determined that various sensative information may be leaked into world-readable log files during the Debian installation process (sarge, etch, sid [1]). This includes: - preseeded passwords for root and other users if a preseed file is being used for an automated install (via the debconf-seed log file in sarge, and the cdebconf database in etch (bug #356845)) - pppoeconf passwords in the base-config log file (bug #254068) - various other information about what software was installed on the system, and the configuration of the system Note that unlike the similar security issues that affected Ubuntu, root passwords are not leaked into the log files during regular, non-preseeded installs. The attached patches to passwd's postinst close these holes for already installed systems, by chmoding all affected log files to mode 600. There are two patches, one is against passwd 1:4.0.14-7 from unstable, and one is against passwd 1:4.0.3-31sarge5 from stable. I've also include a patch for base-confg in stable to do the same thing[2]. In combination with installation-report 2.13 (unstable), this will fix the issue in all circumstances. Note that passwd is not where this bug originated, and is only being involved in the fix because there is no better place to put the fix. Unfortunatly, in systems installed by the sarge installer, some of the affected log files are not owned by any particular package, so the fix has to go into an unrelated package that is installed/upgraded on every system. -- see shy jo [1] oldstable may also be vulnerable to the #254068 part of this issue, but I have not investigated it. [2] The passwd fix is needed to fix already installed systems on upgrade now, while the base-config fix is needed to secure systems installed after the passwd package is accepted into the next stable point release. diff -ur old/shadow-4.0.14/debian/changelog shadow-4.0.14/debian/changelog --- old/shadow-4.0.14/debian/changelog 2006-03-14 15:25:49.0 -0500 +++ shadow-4.0.14/debian/changelog 2006-03-14 16:13:19.0 -0500 @@ -1,3 +1,11 @@ +shadow (1:4.0.14-8) unstable; urgency=high + + * passwd.postinst: On upgrades from any prior version, chmod 600 various +base-config and d-i log files that might contain sensative information, +including in some cases, passwords. + + -- Joey Hess [EMAIL PROTECTED] Tue, 14 Mar 2006 16:12:11 -0500 + shadow (1:4.0.14-7) unstable; urgency=low * The Carré d'Aurillac release (let's stay in Cantal) diff -ur old/shadow-4.0.14/debian/passwd.postinst shadow-4.0.14/debian/passwd.postinst --- old/shadow-4.0.14/debian/passwd.postinst2006-03-14 15:25:49.0 -0500 +++ shadow-4.0.14/debian/passwd.postinst2006-03-14 16:22:36.0 -0500 @@ -4,6 +4,19 @@ case $1 in configure) +# Fix permissions on various log files from old versions of the debian +# installer, some unrelated to passwd but we decided to put the fix +# here since there was no better place. This can safely be removed +# after etch is released. +if dpkg --compare-versions $2 lt 1:4.0.14-8; then + for log in /var/log/base-config* \ + $(find /var/log/debian-installer/ /var/log/installer/ -type f 2/dev/null ); do + if [ -e $log ]; then + chmod 600 $log + fi +done +fi + rm -f /etc/pam.d/passwd.pre-upgrade 2/dev/null if ! getent group shadow | grep -q '^shadow:[^:]*:42' then diff -ur old/shadow-4.0.3/debian/changelog shadow-4.0.3/debian/changelog --- old/shadow-4.0.3/debian/changelog 2006-03-14 16:23:51.0 -0500 +++ shadow-4.0.3/debian/changelog 2006-03-14 16:16:25.0 -0500 @@ -1,3 +1,11 @@ +shadow (1:4.0.3-31sarge6) stable-security; urgency=high + + * passwd.postinst: On upgrades from any prior version, chmod 600 various +base-config and d-i log files that might contain sensative information, +including in some cases, passwords. + + -- Joey Hess [EMAIL PROTECTED] Tue, 14 Mar 2006 16:14:26 -0500 + shadow (1:4.0.3-31sarge5) testing-proposed-updates; urgency=high * Re-apply the debian/patches/036_CAN-2004-1001_passwd_check
