Bug#369886: [Pkg-dspam-misc] Bug#369886: [dspam-dev] Debian Patches for a couple of bugs.
Daniel Kahn Gillmor wrote:

Hi Jesus--

[Moving this discussion to the debian bug tracker, since it's now more about debian packaging than upstream]

On June 19, [EMAIL PROTECTED] said:

On Mon, Jun 19, 2006 at 01:25:55PM -0400, Daniel Kahn Gillmor wrote:

On June 19, [EMAIL PROTECTED] said:

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=369886

a variant of this patchset was already submitted on this list [0] (it was the command-line argument variant), and is probably indefinitely on hold for upstream due to a couple reasons:

0) jonz seemed unconvinced [1] that dropping privileges in the way i suggested would be sufficiently secure to avoid exploitation (though i confess i didn't understand his argument)

Do you have a pointer to his explanation ? And yours ?

1) jonz and myself were unfortunately unable to come to a mutually-satisfactory agreement about copyright assignment :(

Same goes for me. Ok, i will tag it wontfix, then.

If you think that's the best way to go for this bug, i'll stick with your decision. But i'd like to continue to consider it for debian, at least.

If the concern is the copyright assignment issue, that shouldn't have any bearing on the patch's integration with debian. jonz has only stated that he won't accept copyrightable contributions from me upstream without giving him full copyright assignment. The patch itself is offered under the GPL, so i wouldn't think there would be a problem with debian using it.

The source of dspam is released under the GPLv2, so it won't give a problem to apply a patch that is offered under the GPL.

If the reason is the security argument, can you help me understand what the issue is with the patchset? I'd like to try to fix it, if possible.

I went through the list of bugs to do the upload asap.

That sounds great! Thanks for doing it.

--dkg

Hi,

I like your patch and your proposal, and would like to see this in Debian, but doesn't this interfere with the patch: add-config-dir.dpatch ?

And is there a possibility to write some documentation around it (in NEWS.Debian or README.Debian for example ?

Regards,

Matthijs Mohlmann

PS: Did this conversation take place at the mailinglist of dspam ? I believe I missed something...

--
To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#369886: [Pkg-dspam-misc] Bug#369886: [dspam-dev] Debian Patches for a couple of bugs.
On June 21, [EMAIL PROTECTED] said:

Daniel Kahn Gillmor wrote:

0) jonz seemed unconvinced [1] that dropping privileges in the way i suggested would be sufficiently secure to avoid exploitation (though i confess i didn't understand his argument)

Do you have a pointer to his explanation ? And yours ?

there wasn't as much in-depth discussion about the technical merit of the patch as i would have liked. What there was was on dspam-dev, which should be visible through gmane here (i tried to provide these links in the previous e-mail, but they may not have come through):

http://news.gmane.org/find-root.php?message_id=%3c17515.39819.64753.124171%40localhost.localdomain%3e
http://news.gmane.org/find-root.php?message_id=%3cB26CB601%2d821B%2d4B16%2d88CD%2dF8E29F9BAF49%40nuclearelephant.com%3e

afaik, the earliest request for this feature was on dspam-users:

http://dspam.nuclearelephant.com/dspam-users/2736.html

The source of dspam is released under the GPLv2, so it won't give a problem to apply a patch that is offered under the GPL.

That's my understanding as well.

I like your patch and your proposal, and would like to see this in Debian, but doesn't this interfere with the patch: add-config-dir.dpatch ?

i don't think they interfere with each other. Both patches apply cleanly together (allow-alternate-config.dpatch goes at the end of d/p/00list), and they have orthogonal functionality:

- add-config-dir allows you to Include other directories from your config file, wherever it is located.

- allow-alternate-config allows a dspam user to specify an entirely different config file (which may itself use Include directives, thanks to add-config-dir) instead of the default one.

And is there a possibility to write some documentation around it (in NEWS.Debian or README.Debian for example ?

I'd be happy to. Something short and sweet would be good to encourage folks to actually read it :) I'm not sure whether it warrants an entry in NEWS, but i'll defer to more experienced packagers on that. How about:

---

As of version $(insert version here), debian's dspam packages allow the user to select an alternate configuration file at runtime, which should be indicated by name through the DSPAM_CONF environment variable. This is useful for (among other things) running multiple parallel daemons or individual users setting up their own classifier instances. For example (in bash):

    $ DSPAM_CONF=~/my-classifier/dspam.conf dspam_stats testerX

For security reasons, use of an alternate config file will cause any setuid binary to drop privileges. Therefore, any use of dspam which relies on the setuid nature of the binary (e.g. updating the host's centralized data store as a non-privileged user) *must not* use an alternate config file (i.e. make sure that DSPAM_CONF is unset).

---

meh. still too long, i think. i welcome edits.

Regards,

--dkg
Bug#369886: [Pkg-dspam-misc] Bug#369886: [dspam-dev] Debian Patches for a couple of bugs.
Daniel Kahn Gillmor wrote:

On June 21, [EMAIL PROTECTED] said:

Daniel Kahn Gillmor wrote:

0) jonz seemed unconvinced [1] that dropping privileges in the way i suggested would be sufficiently secure to avoid exploitation (though i confess i didn't understand his argument)

Do you have a pointer to his explanation ? And yours ?

there wasn't as much in-depth discussion about the technical merit of the patch as i would have liked. What there was was on dspam-dev, which should be visible through gmane here (i tried to provide these links in the previous e-mail, but they may not have come through):

http://news.gmane.org/find-root.php?message_id=%3c17515.39819.64753.124171%40localhost.localdomain%3e
http://news.gmane.org/find-root.php?message_id=%3cB26CB601%2d821B%2d4B16%2d88CD%2dF8E29F9BAF49%40nuclearelephant.com%3e

Thank you, I've read the discussion. Jonz is talking about remote code execution, but if you are dropping privileges and you are, then I don't see a security problem. So I'm wondering where he sees the security problem...

afaik, the earliest request for this feature was on dspam-users:

http://dspam.nuclearelephant.com/dspam-users/2736.html

The source of dspam is released under the GPLv2, so it won't give a problem to apply a patch that is offered under the GPL.

That's my understanding as well.

I like your patch and your proposal, and would like to see this in Debian, but doesn't this interfere with the patch: add-config-dir.dpatch ?

i don't think they interfere with each other. Both patches apply cleanly together (allow-alternate-config.dpatch goes at the end of d/p/00list), and they have orthogonal functionality:

- add-config-dir allows you to Include other directories from your config file, wherever it is located.

Ah fine, I could know that myself.

- allow-alternate-config allows a dspam user to specify an entirely different config file (which may itself use Include directives, thanks to add-config-dir) instead of the default one.

And is there a possibility to write some documentation around it (in NEWS.Debian or README.Debian for example ?

I'd be happy to. Something short and sweet would be good to encourage folks to actually read it :) I'm not sure whether it warrants an entry in NEWS, but i'll defer to more experienced packagers on that. How about:

---

As of version $(insert version here), debian's dspam packages allow the user to select an alternate configuration file at runtime, which should be indicated by name through the DSPAM_CONF environment variable. This is useful for (among other things) running multiple parallel daemons or individual users setting up their own classifier instances. For example (in bash):

    $ DSPAM_CONF=~/my-classifier/dspam.conf dspam_stats testerX

For security reasons, use of an alternate config file will cause any setuid binary to drop privileges. Therefore, any use of dspam which relies on the setuid nature of the binary (e.g. updating the host's centralized data store as a non-privileged user) *must not* use an alternate config file (i.e. make sure that DSPAM_CONF is unset).

---

meh. still too long, i think. i welcome edits.

Let me think about it, I've not a direct edit for you.

Regards,

--dkg

Regards,

Matthijs Mohlmann
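
The rule stated in the README draft in this thread (a set DSPAM_CONF makes a setuid binary drop privileges before the alternate file is used) can be sketched in C as follows. This is an added example, not the allow-alternate-config patch, which does not appear in the thread; `drop_privileges`, `choose_config` and the default path are hypothetical.

```c
#include <stdio.h>
#include <stdlib.h>
#include <sys/types.h>
#include <unistd.h>

/* Placeholder path (assumption), not taken from the dspam package. */
static const char DEFAULT_CONF[] = "/path/to/default/dspam.conf";

/* Permanently give up set-id privileges so that real, effective and saved
 * ids are all the invoking user's. Returns 0 on success, -1 otherwise. */
int drop_privileges(void)
{
    uid_t ruid = getuid(), old_euid = geteuid();
    gid_t rgid = getgid(), old_egid = getegid();

    /* Group first: after the uid is dropped we may lack the right to. */
    if (setregid(rgid, rgid) != 0 || setreuid(ruid, ruid) != 0)
        return -1;
    /* Verify the drop is irreversible (a real-uid-0 caller can always switch). */
    if (ruid != 0) {
        if (old_egid != rgid && setegid(old_egid) == 0) return -1;
        if (old_euid != ruid && seteuid(old_euid) == 0) return -1;
    }
    return (geteuid() == ruid && getegid() == rgid) ? 0 : -1;
}

/* env_conf is the value of DSPAM_CONF or NULL; drop is the routine used to
 * shed privileges. Returns the config path to load, or NULL to abort. */
const char *choose_config(const char *env_conf, int (*drop)(void))
{
    if (env_conf == NULL || env_conf[0] == '\0')
        return DEFAULT_CONF;   /* default file: set-id rights are kept */
    if (drop() != 0)
        return NULL;           /* fail closed before the file is opened */
    return env_conf;           /* user-chosen file, read as the real user */
}

int main(void)
{
    const char *conf = choose_config(getenv("DSPAM_CONF"), drop_privileges);
    if (conf == NULL) {
        fputs("cannot drop privileges, refusing alternate config\n", stderr);
        return 1;
    }
    printf("config=%s uid=%ld euid=%ld\n", conf, (long)getuid(), (long)geteuid());
    return 0;
}
```

The drop happens before any byte of the user-named file is opened or parsed, and a failed drop aborts rather than falling back to privileged operation.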