Bug#605868: sbox-dtc cgi has incorrect Unix rights
On 12/17/2010 11:14 PM, brian m. carlson wrote:
> On Sat, Dec 04, 2010 at 04:25:22PM +0800, Thomas Goirand wrote:
>> Package: sbox-dtc
>> Version: 1.11.2-1
>> Severity: grave
>>
>> The patch would be simple. Just adding this in the postinst:
>>
>> chmod u=+rwS /usr/lib/cgi-bin/sbox
>> chown root.root /usr/lib/cgi-bin/sbox
>
> You probably want to use root:root here (that is, a colon instead of a
> dot) because POSIX mandates the use of the colon. People running with
> POSIXLY_CORRECT or _POSIX2_VERSION set in the environment will see the
> chmod invocation fail.

Which is what has been done in the postinst already, so there's no issue
here (eg: the package really IS using colon and not a dot).

Thomas
Bug#605868: sbox-dtc cgi has incorrect Unix rights
On Sat, Dec 04, 2010 at 04:25:22PM +0800, Thomas Goirand wrote:
> Package: sbox-dtc
> Version: 1.11.2-1
> Severity: grave
>
> The file /usr/lib/cgi-bin/sbox should have the SUID bit set, as this is
> the way sbox works, and also, it should be owned by the root user to
> allow chroot in the vhost directory.
>
> The patch would be simple. Just adding this in the postinst:
>
> chmod u=+rwS /usr/lib/cgi-bin/sbox
> chown root.root /usr/lib/cgi-bin/sbox

You probably want to use root:root here (that is, a colon instead of a
dot) because POSIX mandates the use of the colon. People running with
POSIXLY_CORRECT or _POSIX2_VERSION set in the environment will see the
chmod invocation fail.

-- 
brian m. carlson / brian with sandals: Houston, Texas, US
+1 832 623 2791 | http://www.crustytoothpaste.net/~bmc | My opinion only
OpenPGP: RSA v4 4096b: 88AC E9B2 9196 305B A994 7552 F1BA 225C 0223 B187
Bug#605868: sbox-dtc cgi has incorrect Unix rights
Package: sbox-dtc
Version: 1.11.2-1
Severity: grave

The file /usr/lib/cgi-bin/sbox should have the SUID bit set, as this is
the way sbox works, and also, it should be owned by the root user to
allow chroot in the vhost directory.

The patch would be simple. Just adding this in the postinst:

chmod u=+rwS /usr/lib/cgi-bin/sbox
chown root.root /usr/lib/cgi-bin/sbox

Thomas Goirand (zigo)

-- System Information:
Debian Release: squeeze/sid
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.32-5-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash
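
The ownership and mode requirement from the report above, written as a check that can be run after installation. This is an added example, not part of the thread or of the sbox-dtc package; the function name `check_suid_helper`, the extra writability test and the reliance on GNU `stat -c` are assumptions of the example.

```shell
#!/bin/sh
# Added example (not from the thread or the sbox-dtc package).
# check_suid_helper PATH [UID] [GID]: status 0 if PATH is a regular file
# owned by UID:GID (default 0:0, i.e. root:root), has the setuid bit and is
# not group- or world-writable; 1 on a finding, 2 if PATH is unusable.
# The body is a subshell "( ... )" so its variables do not leak to the caller.
check_suid_helper() (
    path=$1
    want_uid=${2:-0}
    want_gid=${3:-0}
    rc=0

    # Refuse symlinks and non-files: a link's mode says nothing about its target.
    if [ -L "$path" ] || [ ! -f "$path" ]; then
        echo "FAIL: $path: not a regular file"
        exit 2
    fi

    # GNU stat (assumption): numeric uid, gid and octal mode, e.g. "0 0 4755".
    set -- $(stat -c '%u %g %a' "$path")
    uid=$1 gid=$2 mode=$3

    if [ "$uid" != "$want_uid" ] || [ "$gid" != "$want_gid" ]; then
        echo "FAIL: $path: owner $uid:$gid, expected $want_uid:$want_gid"
        rc=1
    fi
    # 04000 is the setuid bit; without it the helper runs as the calling user.
    if [ $(( 0$mode & 04000 )) -eq 0 ]; then
        echo "FAIL: $path: setuid bit not set (mode $mode)"
        rc=1
    fi
    # 022 = group/other write; only the owner should be able to modify it.
    if [ $(( 0$mode & 022 )) -ne 0 ]; then
        echo "FAIL: $path: group- or world-writable (mode $mode)"
        rc=1
    fi
    [ "$rc" -eq 0 ] && echo "OK: $path: $uid:$gid mode $mode"
    exit "$rc"
)

# Stand-alone use: sh check.sh /usr/lib/cgi-bin/sbox
if [ $# -gt 0 ]; then
    check_suid_helper "$@"
fi
```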