Your message dated Tue, 03 Aug 2004 00:47:16 -0400 with message-id <[EMAIL PROTECTED]> and subject line Bug#261386: fixed in kdelibs 4:3.2.3-4 has caused the attached Bug report to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am talking about this indicates a serious mail system misconfiguration somewhere. Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)

--------------------------------------
Date: Sun, 25 Jul 2004 18:55:50 +0100
From: Colin Phipps <[EMAIL PROTECTED]>
To: Debian Bug Tracking System <[EMAIL PROTECTED]>
Subject: /usr/lib/libkdeinit_dcopserver.so: not using mkstemp, creating temp file unsafely
Message-ID: <[EMAIL PROTECTED]>

Package: kdelibs-bin
Version: 4:3.2.3-2
Severity: grave
File: /usr/lib/libkdeinit_dcopserver.so
Tags: security patch
Justification: user security hole

dcop/dcopserver.cpp creates a temporary file /tmp/dcopXXXXXX. This file should be created using mkstemp(3), to avoid /tmp symlink races/attacks. However, due to a build file oversight, the configure script does not test for the availability of mkstemp, so HAVE_MKSTEMP is not defined, and dcopserver.cpp falls back on the insecure tempnam(3) instead.

So every time the dcopserver is started, it creates its temporary file unsafely, making it potentially vulnerable to symlink attacks. As the file in question is passed to iceauth, this could expose local authentication data, or be used to submit mischievous commands to iceauth.

% nm -D /usr/lib/libkdeinit_dcopserver.so|egrep 'tempnam|mkstemp'
         U tempnam

The patch below should correct (I haven't the nerve to rebuild the whole of kdelibs :-), but have checked that the individual source file recompiles correctly) the build scripts to detect mkstemp, enabling the safe code path in dcopserver.cpp.

Of course, in addition to the patch below, configure.in, configure & config.h.in must be regenerated in the normal way. This should result in a config.h that defines HAVE_MKSTEMP, and libkdeinit_dcopserver.so should then use mkstemp instead.

diff -pru kdelibs-3.2.3/acinclude.m4 ../kdelibs-3.2.3/acinclude.m4 --- kdelibs-3.2.3/acinclude.m4 2004-07-25 18:08:43.000000000 +0100 +++ ../kdelibs-3.2.3/acinclude.m4 2004-07-25 18:14:05.000000000 +0100 @@ -2302,6 +2302,19 @@ mkstemps("/tmp/aaaXXXXXX", 6); [MKSTEMPS]) ]) +AC_DEFUN([AC_CHECK_MKSTEMP], +[ + KDE_CHECK_FUNC_EXT(mkstemp, [ +#include <stdlib.h> +#include <unistd.h> +], + [ +mkstemp("/tmp/aaaXXXXXX"); +], + [int mkstemp(char *, int)], + [MKSTEMP]) +]) + AC_DEFUN([AC_CHECK_MKDTEMP], [ KDE_CHECK_FUNC_EXT(mkdtemp, [ diff -pru kdelibs-3.2.3/configure.in.in ../kdelibs-3.2.3/configure.in.in --- kdelibs-3.2.3/configure.in.in 2004-01-19 13:01:23.000000000 +0000 +++ ../kdelibs-3.2.3/configure.in.in 2004-07-25 18:03:36.000000000 +0100 
@@ -111,6 +113,7 @@ AC_CHECK_SETENV AC_CHECK_UNSETENV AC_CHECK_RANDOM AC_CHECK_MKSTEMPS +AC_CHECK_MKSTEMP AC_CHECK_MKDTEMP AC_CHECK_FUNCS(strtoll socket seteuid setegid strfmon stpcpy gettimeofday)

-- System Information:
Debian Release: testing/unstable
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: i386 (i686)
Kernel: Linux 2.4.22
Locale: LANG=en_GB, LC_CTYPE=en_GB

Versions of packages kdelibs-bin depends on:
ii  kdelibs4        4:3.2.3-2                  KDE core libraries
ii  libart-2.0-2    2.3.16-5                   Library of functions for 2D graphi
ii  libbz2-1.0      1.0.2-1                    A high-quality block-sorting file
ii  libc6           2.3.2.ds1-13               GNU C Library: Shared libraries an
ii  libcupsys2-gnu  1.1.20final+cvs20040330-4  Common UNIX Printing System(tm) -
ii  libfam0c102     2.7.0-5                    client library to control the FAM
ii  libgcc1         1:3.3.4-3                  GCC support library
ii  libice6         4.3.0.dfsg.1-4             Inter-Client Exchange library
ii  libpng12-0      1.2.5.0-6                  PNG library - runtime
ii  libqt3c102-mt   3:3.2.3-4                  Qt GUI Library (Threaded runtime v
ii  libsm6          4.3.0.dfsg.1-4             X Window System Session Management
ii  libstdc++5      1:3.3.4-3                  The GNU Standard C++ Library v3
ii  libx11-6        4.3.0.dfsg.1-4             X Window System protocol client li
ii  libxext6        4.3.0.dfsg.1-4             X Window System miscellaneous exte
ii  libxml2         2.6.10-3                   GNOME XML library
ii  libxrender1     0.8.3-7                    X Rendering Extension client libra
ii  libxslt1.1      1.1.7-1                    XSLT processing library - runtime
ii  menu-xdg        0.1                        freedesktop.org menu compliant win
ii  netpbm          2:10.0-4                   Graphics conversion tools
ii  python          2.3.4-1                    An interactive high-level object-o
ii  xlibs           4.3.0.dfsg.1-4             X Window System client libraries m
ii  zlib1g          1:1.2.1.1-3                compression library - runtime

-- no debconf information

-- 
Colin Phipps <[EMAIL PROTECTED]>

---------------------------------------
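Review bot: In the acinclude.m4 hunk, the prototype argument of the new AC_CHECK_MKSTEMP macro reads [int mkstemp(char *, int)], which looks carried over from the mkstemps check just above it; mkstemp(3) takes only the template, as the macro's own test call mkstemp("/tmp/aaaXXXXXX") shows. Suggest [int mkstemp(char *)], so that a platform which has the function but lacks a declaration is not handed a conflicting prototype. The test body also passes a string literal as the template, which is harmless while the check is only compiled and linked, but a writable char array would be cleaner.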
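Review bot: The configure.in.in hunk header reads @@ -111,6 +113,7 @@ although the posted diff contains no earlier hunk for that file, so the new file is already two lines ahead of the old one for a reason the patch does not show. Please regenerate the diff against a pristine tree, or include the missing hunk, so it is clear that the added AC_CHECK_MKSTEMP line is the only change to this file. Its placement directly after AC_CHECK_MKSTEMPS is fine.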
From: Christopher L Cheney <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Subject: Bug#261386: fixed in kdelibs 4:3.2.3-4
Message-Id: <[EMAIL PROTECTED]>
Sender: Archive Administrator <[EMAIL PROTECTED]>
Date: Tue, 03 Aug 2004 00:47:16 -0400

Source: kdelibs
Source-Version: 4:3.2.3-4

We believe that the bug you reported is fixed in the latest version of kdelibs, which is due to be installed in the Debian FTP archive:

kdelibs-bin_3.2.3-4_i386.deb
  to pool/main/k/kdelibs/kdelibs-bin_3.2.3-4_i386.deb
kdelibs-data_3.2.3-4_all.deb
  to pool/main/k/kdelibs/kdelibs-data_3.2.3-4_all.deb
kdelibs4-dev_3.2.3-4_i386.deb
  to pool/main/k/kdelibs/kdelibs4-dev_3.2.3-4_i386.deb
kdelibs4-doc_3.2.3-4_all.deb
  to pool/main/k/kdelibs/kdelibs4-doc_3.2.3-4_all.deb
kdelibs4_3.2.3-4_i386.deb
  to pool/main/k/kdelibs/kdelibs4_3.2.3-4_i386.deb
kdelibs_3.2.3-4.diff.gz
  to pool/main/k/kdelibs/kdelibs_3.2.3-4.diff.gz
kdelibs_3.2.3-4.dsc
  to pool/main/k/kdelibs/kdelibs_3.2.3-4.dsc
kdelibs_3.2.3-4_all.deb
  to pool/main/k/kdelibs/kdelibs_3.2.3-4_all.deb

A summary of the changes between this version and the previous one is attached.

Thank you for reporting the bug, which will now be closed. If you have further comments please address them to [EMAIL PROTECTED], and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Christopher L Cheney <[EMAIL PROTECTED]> (supplier of updated kdelibs package)

(This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing [EMAIL PROTECTED])

Format: 1.7
Date: Mon, 2 Aug 2004 22:00:00 -0500
Source: kdelibs
Binary: kdelibs4 kdelibs-bin kdelibs kdelibs4-doc kdelibs-data kdelibs4-dev
Architecture: source i386 all
Version: 4:3.2.3-4
Distribution: unstable
Urgency: high
Maintainer: Debian Qt/KDE Maintainers <debian-qt-kde@lists.debian.org>
Changed-By: Christopher L Cheney <[EMAIL PROTECTED]>
Description:
 kdelibs      - KDE core libraries metapackage
 kdelibs-bin  - KDE core binaries
 kdelibs-data - KDE core shared data
 kdelibs4     - KDE core libraries
 kdelibs4-dev - KDE core libraries (development files)
 kdelibs4-doc - KDE core library documentation
Closes: 261386 262589 262832
Changes:
 kdelibs (4:3.2.3-4) unstable; urgency=high
 .
   * KDE_3_2_BRANCH Update.
   * Apply patch for mktemp security issue. (Closes: #261386)
   * Build-Depends: libtiff4-dev. (Closes: #262589, #262832)
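
The difference between the tempnam(3) fallback and the mkstemp(3) path that the original report describes, as an added C example (not kdelibs code and not part of the messages above). The directory and file names are constructed for the demo, and the symlink is created by the demo itself inside its own private directory.

```c
#define _XOPEN_SOURCE 700   /* mkstemp, mkdtemp, symlink */
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

static char tmp_dir[64], tmp_name[96], tmp_other[96];  /* constructed demo paths */
static int setup(const char *leaf) {       /* private 0700 dir, not shared /tmp */
    snprintf(tmp_dir, sizeof tmp_dir, "/tmp/tmpfile-demo-XXXXXX");
    if (!mkdtemp(tmp_dir)) return -1;
    snprintf(tmp_name, sizeof tmp_name, "%s/%s", tmp_dir, leaf);
    snprintf(tmp_other, sizeof tmp_other, "%s/other", tmp_dir);
    return 0;
}
static int cleanup(int r) { unlink(tmp_name); unlink(tmp_other); rmdir(tmp_dir); return r; }

/* tempnam()-style: name chosen first, opened later; the symlink stands in for the race. */
int name_then_open_follows_link(void) {
    struct stat st;
    if (setup("dcopAAAAAA") || symlink(tmp_other, tmp_name)) return -1;
    FILE *f = fopen(tmp_name, "w");          /* no O_EXCL: follows the link */
    if (f) { fputs("cookie", f); fclose(f); }
    return cleanup(stat(tmp_other, &st) == 0 && st.st_size == 6);   /* 1 = followed */
}

/* mkstemp() opens with O_CREAT|O_EXCL; returns the errno those flags give on a symlink. */
int excl_create_errno(void) {
    if (setup("dcopAAAAAA") || symlink(tmp_other, tmp_name)) return -1;
    int fd = open(tmp_name, O_CREAT | O_EXCL | O_WRONLY, 0600);
    if (fd >= 0) close(fd);
    return cleanup(fd < 0 ? errno : 0);
}

/* Safe path: mkstemp() fills in XXXXXX and returns the open fd; returns the file's mode. */
int mkstemp_mode(void) {
    struct stat st;
    if (setup("dcopXXXXXX")) return -1;
    int fd = mkstemp(tmp_name);
    if (fd < 0 || fstat(fd, &st) != 0) return cleanup(-1);
    close(fd);
    return cleanup(st.st_mode & 0777);
}

int main(void) {
    printf("follows link=%d  O_EXCL errno=%d (EEXIST=%d)  mkstemp mode=%o\n",
           name_then_open_follows_link(), excl_create_errno(), EEXIST, mkstemp_mode());
    return 0;
}
```

Current Linux kernels can refuse to follow such links in sticky world-writable directories (fs.protected_symlinks), which is why the demo works in a directory of its own; creating the file atomically with mkstemp remains the fix the report asks for.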