[Dx-packages] [Bug 1426362] Re: logind session files fill up /run space

[Vasya Pupkin]

All sessions appear in closing state, here's another one:

$ loginctl show-session 77
Id=77
User=1004
Name=raccess
Timestamp=Чт 2018-03-29 20:30:02 MSK
TimestampMonotonic=2363185101
VTNr=0
Remote=yes
RemoteHost=216.126.59.227
Service=sshd
Scope=session-77.scope
Leader=3389
Audit=77
Type=tty
Class=user
Active=yes
State=closing
IdleHint=no
IdleSinceHint=0
IdleSinceHintMonotonic=0

-- 
You received this bug notification because you are a member of DX
Packages, which is subscribed to systemd-shim in Ubuntu.
https://bugs.launchpad.net/bugs/1426362

Title:
  logind session files fill up /run space

Status in systemd-shim package in Ubuntu:
  Confirmed

Bug description:
  Under Ubuntu 14.10 (server), systemd fills up /run/systemd/sessions directory 
with files.
  The files are 240-260 bytes, but there are many
   As per default install, /run is on tmpfs with 50 MB size. After a couple of 
days, /run/ runs out of free space, which can cause not so funny errors, like 
failed kernel update (kernel postinst tries to create files here, then fails)

  As I see, thesefiles are releated to ssh sesssions, and yes there are
  plenty SSH connection to this host. Shouldn't systemd remove these old
  session files?

  # lsb_release -rd
  Description:Ubuntu 14.10
  Release:14.10

  # apt-cache policy systemd
  systemd:
Installed: 208-8ubuntu8.2
Candidate: 208-8ubuntu8.2
Version table:
   *** 208-8ubuntu8.2 0
  500 http://hu.archive.ubuntu.com/ubuntu/ utopic-updates/main amd64 
Packages
  100 /var/lib/dpkg/status
   208-8ubuntu8 0
  500 http://hu.archive.ubuntu.com/ubuntu/ utopic/main amd64 Packages

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/systemd-shim/+bug/1426362/+subscriptions

-- 
Mailing list: https://launchpad.net/~dx-packages
Post to : dx-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~dx-packages
More help   : https://help.launchpad.net/ListHelp

[Dx-packages] [Bug 1426362] Re: logind session files fill up /run space

[Vasya Pupkin]

I am having the same issue on Ubuntu 16.04 now. All sessions appear to
be for one user that is used for incoming ssh connections for rsync.
Here's an example:

$ loginctl show-session 59
Id=59
User=1004
Name=raccess
Timestamp=Чт 2018-03-29 20:20:03 MSK
TimestampMonotonic=1763641802
VTNr=0
Remote=yes
RemoteHost=216.126.59.227
Service=sshd
Scope=session-59.scope
Leader=2814
Audit=59
Type=tty
Class=user
Active=yes
State=closing
IdleHint=no
IdleSinceHint=0
IdleSinceHintMonotonic=0

I don't see any processes running under user raccess apart from system
ones:

$ ps aux | grep raccess | grep -v grep
raccess   2822  0.0  1.6   6384  4132 ?Ss   20:20   0:00 
/lib/systemd/systemd --user
raccess   2823  0.0  0.4   7316  1096 ?S20:20   0:00 (sd-pam)

And here's an output of lsof -u raccess: https://pbin.cf/444b2d29

This is happening on two servers.

-- 
You received this bug notification because you are a member of DX
Packages, which is subscribed to systemd-shim in Ubuntu.
https://bugs.launchpad.net/bugs/1426362

Title:
  logind session files fill up /run space

Status in systemd-shim package in Ubuntu:
  Confirmed

Bug description:
  Under Ubuntu 14.10 (server), systemd fills up /run/systemd/sessions directory 
with files.
  The files are 240-260 bytes, but there are many
   As per default install, /run is on tmpfs with 50 MB size. After a couple of 
days, /run/ runs out of free space, which can cause not so funny errors, like 
failed kernel update (kernel postinst tries to create files here, then fails)

  As I see, thesefiles are releated to ssh sesssions, and yes there are
  plenty SSH connection to this host. Shouldn't systemd remove these old
  session files?

  # lsb_release -rd
  Description:Ubuntu 14.10
  Release:14.10

  # apt-cache policy systemd
  systemd:
Installed: 208-8ubuntu8.2
Candidate: 208-8ubuntu8.2
Version table:
   *** 208-8ubuntu8.2 0
  500 http://hu.archive.ubuntu.com/ubuntu/ utopic-updates/main amd64 
Packages
  100 /var/lib/dpkg/status
   208-8ubuntu8 0
  500 http://hu.archive.ubuntu.com/ubuntu/ utopic/main amd64 Packages

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/systemd-shim/+bug/1426362/+subscriptions

-- 
Mailing list: https://launchpad.net/~dx-packages
Post to : dx-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~dx-packages
More help   : https://help.launchpad.net/ListHelp

[Dx-packages] [Bug 1735929] Re: security problems with incorrect permissions for ubuntu 17.10

[Sebastien Bacher]

The weird version is no-go, bionic-proposed is not supposed to be used,
it's a pocket designed for packages testing and validation, if you opt
in for that you should know what you are doing. It's easy enough to go
back, just install dconf-server/bionic libdconf1/bionic etc for all the
dconf binaries you need

-- 
You received this bug notification because you are a member of DX
Packages, which is subscribed to d-conf in Ubuntu.
Matching subscriptions: dx-packages
https://bugs.launchpad.net/bugs/1735929

Title:
  security problems with incorrect permissions for ubuntu 17.10

Status in dconf:
  Confirmed
Status in gnome-session:
  Confirmed
Status in d-conf package in Ubuntu:
  Fix Released
Status in dconf package in Ubuntu:
  Triaged
Status in gnome-session package in Ubuntu:
  Triaged
Status in session-migration package in Ubuntu:
  Fix Released
Status in d-conf source package in Bionic:
  Fix Released
Status in dconf source package in Bionic:
  Triaged
Status in gnome-session source package in Bionic:
  Triaged
Status in session-migration source package in Bionic:
  Fix Released

Bug description:
  The release of Ubuntu you are using (lsb_release -rd):
  Description:  Ubuntu 17.10
  Release:  17.10

  This is a fresh installation of Ubuntu 17.10 from the mini.iso.
  I select only default options + [Ubuntu Desktop] installation.

  What you expected to happen:
  My home folder contains the following folders with correct and safe 
permissions after the first login:
  drwx-- 11 user user 4096 Dec  2 17:40 .config
  drwx--  3 user user 4096 Dec  2 17:39 .local

  What happened instead:
  I received these folders after the first login:
  drwxr-xr-x 11 user user 4096 Dec  2 17:40 .config
  drwxr-xr-x  3 user user 4096 Dec  2 17:39 .local
  It is not safe. Any user can access to my .config folders and read for 
example my mail databases

  I'm trying to create a new user...:
  sudo useradd -m user2
  sudo passwd user2
  ... and login then.
  It has the same problem:
  drwxr-xr-x 10 user2 user2 4096 Dec  2 19:44 .config
  drwxr-xr-x  3 user2 user2 4096 Dec  2 19:44 .local

To manage notifications about this bug go to:
https://bugs.launchpad.net/dconf/+bug/1735929/+subscriptions

-- 
Mailing list: https://launchpad.net/~dx-packages
Post to : dx-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~dx-packages
More help   : https://help.launchpad.net/ListHelp

[Dx-packages] [Bug 1740637] Re: Remove python-appindicator and gir1.2-appindicator-0.1

[Jeremy Bicha]

** Description changed:

  gir1.2-appindicator-0.1 has no reverse dependencies (it is for gtk2
  GObject Introspection)
  
  After removals are processed for other reasons, there are only 2
  packages that recommend python-appindicator. It would be trivial to drop
  the recommends. Those 2 packages (deluge and gtk-recordmydesktop) are
  scheduled for autoremoval from Debian Testing in February because they
  use pygtk.
  
  $ reverse-depends python-appindicator
  Reverse-Recommends
  ==
  * deluge-gtk
- * gpodder — should be fixed once 3.10.0 is packaged
  * gtk-recordmydesktop
- * sbackup-gtk — RM requested in LP: #1739800
- * winswitch — RM requested in LP: #1739797
  
  Reverse-Depends
  ===
- * aws-status — RM requested in LP: #1739797
- * cherrytree — RM requested in LP: #1731725
- * glipper — RM requested in LP: #1739800
+ * cherrytree — RM requested in LP: #1731725 (dependency on 
python-appindicator was already dropped early in bionic)
  * hamster-indicator — source is hamster-applet, RM requested in LP: #1739797
- * python-seelablet — RM requested in LP: #1740631
  
  --
  OTHER GTK2 REVERSE DEPENDS
  --
  The other gtk2 libraries for libappindicator aren't planned for removal yet.
- 
  
  $ reverse-depends libappindicator0.1-cil
  Reverse-Depends
  ===
  * banshee-extension-appindicator
  * libappindicator0.1-cil-dev
  * tasque
  * tomboy
  
  $ reverse-depends libappindicator1
  Reverse-Recommends
  ==
  * nautilus-dropbox
  * telegram-desktop
  
  Reverse-Depends
  ===
  * alarm-clock-applet
  * clipit
  * gir1.2-appindicator-0.1 (proposed removal here)
  * gmpc
  * gnome-ppp
  * growl-for-linux
  * guake-indicator
  * gxkb
  * hime
  * indicator-application-gtk2
  * libappindicator-dev
  * libappindicator0.1-cil
  * libgtk2-appindicator-perl (shutter is the only rdepends here, shutter still 
depends on libgnome though)
  * linuxdcpp
  * nitroshare
  * parcellite
  * python-appindicator (proposed removal here)
  * quicksynergy
  * wallch

-- 
You received this bug notification because you are a member of DX
Packages, which is subscribed to libappindicator in Ubuntu.
Matching subscriptions: dx-packages
https://bugs.launchpad.net/bugs/1740637

Title:
  Remove python-appindicator and gir1.2-appindicator-0.1

Status in libappindicator package in Ubuntu:
  New

Bug description:
  gir1.2-appindicator-0.1 has no reverse dependencies (it is for gtk2
  GObject Introspection)

  After removals are processed for other reasons, there are only 2
  packages that recommend python-appindicator. It would be trivial to
  drop the recommends. Those 2 packages (deluge and gtk-recordmydesktop)
  are scheduled for autoremoval from Debian Testing in February because
  they use pygtk.

  $ reverse-depends python-appindicator
  Reverse-Recommends
  ==
  * deluge-gtk
  * gtk-recordmydesktop

  Reverse-Depends
  ===
  * cherrytree — RM requested in LP: #1731725 (dependency on 
python-appindicator was already dropped early in bionic)
  * hamster-indicator — source is hamster-applet, RM requested in LP: #1739797

  --
  OTHER GTK2 REVERSE DEPENDS
  --
  The other gtk2 libraries for libappindicator aren't planned for removal yet.

  $ reverse-depends libappindicator0.1-cil
  Reverse-Depends
  ===
  * banshee-extension-appindicator
  * libappindicator0.1-cil-dev
  * tasque
  * tomboy

  $ reverse-depends libappindicator1
  Reverse-Recommends
  ==
  * nautilus-dropbox
  * telegram-desktop

  Reverse-Depends
  ===
  * alarm-clock-applet
  * clipit
  * gir1.2-appindicator-0.1 (proposed removal here)
  * gmpc
  * gnome-ppp
  * growl-for-linux
  * guake-indicator
  * gxkb
  * hime
  * indicator-application-gtk2
  * libappindicator-dev
  * libappindicator0.1-cil
  * libgtk2-appindicator-perl (shutter is the only rdepends here, shutter still 
depends on libgnome though)
  * linuxdcpp
  * nitroshare
  * parcellite
  * python-appindicator (proposed removal here)
  * quicksynergy
  * wallch

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/libappindicator/+bug/1740637/+subscriptions

-- 
Mailing list: https://launchpad.net/~dx-packages
Post to : dx-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~dx-packages
More help   : https://help.launchpad.net/ListHelp

[Dx-packages] [Bug 1735929] Re: security problems with incorrect permissions for ubuntu 17.10

[Launchpad Bug Tracker]

This bug was fixed in the package d-conf - 0.26.0-2ubuntu3

---
d-conf (0.26.0-2ubuntu3) bionic; urgency=medium

  * 0001-Don-t-create-the-user-config-dir-as-world-readable.patch:
- create the config dir with permissions 700 so it's not world readable
  (lp: #1735929)

 -- Sebastien Bacher   Thu, 29 Mar 2018 11:01:28
+0200

** Changed in: d-conf (Ubuntu Bionic)
   Status: Fix Committed => Fix Released

-- 
You received this bug notification because you are a member of DX
Packages, which is subscribed to d-conf in Ubuntu.
Matching subscriptions: dx-packages
https://bugs.launchpad.net/bugs/1735929

Title:
  security problems with incorrect permissions for ubuntu 17.10

Status in dconf:
  Confirmed
Status in gnome-session:
  Confirmed
Status in d-conf package in Ubuntu:
  Fix Released
Status in dconf package in Ubuntu:
  Triaged
Status in gnome-session package in Ubuntu:
  Triaged
Status in session-migration package in Ubuntu:
  Fix Released
Status in d-conf source package in Bionic:
  Fix Released
Status in dconf source package in Bionic:
  Triaged
Status in gnome-session source package in Bionic:
  Triaged
Status in session-migration source package in Bionic:
  Fix Released

Bug description:
  The release of Ubuntu you are using (lsb_release -rd):
  Description:  Ubuntu 17.10
  Release:  17.10

  This is a fresh installation of Ubuntu 17.10 from the mini.iso.
  I select only default options + [Ubuntu Desktop] installation.

  What you expected to happen:
  My home folder contains the following folders with correct and safe 
permissions after the first login:
  drwx-- 11 user user 4096 Dec  2 17:40 .config
  drwx--  3 user user 4096 Dec  2 17:39 .local

  What happened instead:
  I received these folders after the first login:
  drwxr-xr-x 11 user user 4096 Dec  2 17:40 .config
  drwxr-xr-x  3 user user 4096 Dec  2 17:39 .local
  It is not safe. Any user can access to my .config folders and read for 
example my mail databases

  I'm trying to create a new user...:
  sudo useradd -m user2
  sudo passwd user2
  ... and login then.
  It has the same problem:
  drwxr-xr-x 10 user2 user2 4096 Dec  2 19:44 .config
  drwxr-xr-x  3 user2 user2 4096 Dec  2 19:44 .local

To manage notifications about this bug go to:
https://bugs.launchpad.net/dconf/+bug/1735929/+subscriptions

-- 
Mailing list: https://launchpad.net/~dx-packages
Post to : dx-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~dx-packages
More help   : https://help.launchpad.net/ListHelp

[Dx-packages] [Bug 1735929] Re: security problems with incorrect permissions for ubuntu 17.10

[dino99]

Next proposal:

rename to  0.26.1-3ubuntu3+isreally+0.26.0-2ubuntu3

-- 
You received this bug notification because you are a member of DX
Packages, which is subscribed to d-conf in Ubuntu.
Matching subscriptions: dx-packages
https://bugs.launchpad.net/bugs/1735929

Title:
  security problems with incorrect permissions for ubuntu 17.10

Status in dconf:
  Confirmed
Status in gnome-session:
  Confirmed
Status in d-conf package in Ubuntu:
  Fix Committed
Status in dconf package in Ubuntu:
  Triaged
Status in gnome-session package in Ubuntu:
  Triaged
Status in session-migration package in Ubuntu:
  Fix Released
Status in d-conf source package in Bionic:
  Fix Committed
Status in dconf source package in Bionic:
  Triaged
Status in gnome-session source package in Bionic:
  Triaged
Status in session-migration source package in Bionic:
  Fix Released

Bug description:
  The release of Ubuntu you are using (lsb_release -rd):
  Description:  Ubuntu 17.10
  Release:  17.10

  This is a fresh installation of Ubuntu 17.10 from the mini.iso.
  I select only default options + [Ubuntu Desktop] installation.

  What you expected to happen:
  My home folder contains the following folders with correct and safe 
permissions after the first login:
  drwx-- 11 user user 4096 Dec  2 17:40 .config
  drwx--  3 user user 4096 Dec  2 17:39 .local

  What happened instead:
  I received these folders after the first login:
  drwxr-xr-x 11 user user 4096 Dec  2 17:40 .config
  drwxr-xr-x  3 user user 4096 Dec  2 17:39 .local
  It is not safe. Any user can access to my .config folders and read for 
example my mail databases

  I'm trying to create a new user...:
  sudo useradd -m user2
  sudo passwd user2
  ... and login then.
  It has the same problem:
  drwxr-xr-x 10 user2 user2 4096 Dec  2 19:44 .config
  drwxr-xr-x  3 user2 user2 4096 Dec  2 19:44 .local

To manage notifications about this bug go to:
https://bugs.launchpad.net/dconf/+bug/1735929/+subscriptions

-- 
Mailing list: https://launchpad.net/~dx-packages
Post to : dx-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~dx-packages
More help   : https://help.launchpad.net/ListHelp

[Dx-packages] [Bug 1735929] Re: security problems with incorrect permissions for ubuntu 17.10

[Jeremy Bicha]

Also, this is why I try suggesting really strongly to you guys not to
run -proposed during the development cycle because these kind of
removals happen.

(Maybe you just need to make sure you downgrade all the dconf binary
packages at the same time.)

-- 
You received this bug notification because you are a member of DX
Packages, which is subscribed to d-conf in Ubuntu.
Matching subscriptions: dx-packages
https://bugs.launchpad.net/bugs/1735929

Title:
  security problems with incorrect permissions for ubuntu 17.10

Status in dconf:
  Confirmed
Status in gnome-session:
  Confirmed
Status in d-conf package in Ubuntu:
  Fix Committed
Status in dconf package in Ubuntu:
  Triaged
Status in gnome-session package in Ubuntu:
  Triaged
Status in session-migration package in Ubuntu:
  Fix Released
Status in d-conf source package in Bionic:
  Fix Committed
Status in dconf source package in Bionic:
  Triaged
Status in gnome-session source package in Bionic:
  Triaged
Status in session-migration source package in Bionic:
  Fix Released

Bug description:
  The release of Ubuntu you are using (lsb_release -rd):
  Description:  Ubuntu 17.10
  Release:  17.10

  This is a fresh installation of Ubuntu 17.10 from the mini.iso.
  I select only default options + [Ubuntu Desktop] installation.

  What you expected to happen:
  My home folder contains the following folders with correct and safe 
permissions after the first login:
  drwx-- 11 user user 4096 Dec  2 17:40 .config
  drwx--  3 user user 4096 Dec  2 17:39 .local

  What happened instead:
  I received these folders after the first login:
  drwxr-xr-x 11 user user 4096 Dec  2 17:40 .config
  drwxr-xr-x  3 user user 4096 Dec  2 17:39 .local
  It is not safe. Any user can access to my .config folders and read for 
example my mail databases

  I'm trying to create a new user...:
  sudo useradd -m user2
  sudo passwd user2
  ... and login then.
  It has the same problem:
  drwxr-xr-x 10 user2 user2 4096 Dec  2 19:44 .config
  drwxr-xr-x  3 user2 user2 4096 Dec  2 19:44 .local

To manage notifications about this bug go to:
https://bugs.launchpad.net/dconf/+bug/1735929/+subscriptions

-- 
Mailing list: https://launchpad.net/~dx-packages
Post to : dx-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~dx-packages
More help   : https://help.launchpad.net/ListHelp

[Dx-packages] [Bug 1735929] Re: security problems with incorrect permissions for ubuntu 17.10

[Jeremy Bicha]

dino99, we can't easily just set the version higher since the
autopkgtest issue is triggered by 0.26.1 and higher versions.

http://autopkgtest.ubuntu.com/packages/n/notify-osd/bionic/armhf

-- 
You received this bug notification because you are a member of DX
Packages, which is subscribed to d-conf in Ubuntu.
Matching subscriptions: dx-packages
https://bugs.launchpad.net/bugs/1735929

Title:
  security problems with incorrect permissions for ubuntu 17.10

Status in dconf:
  Confirmed
Status in gnome-session:
  Confirmed
Status in d-conf package in Ubuntu:
  Fix Committed
Status in dconf package in Ubuntu:
  Triaged
Status in gnome-session package in Ubuntu:
  Triaged
Status in session-migration package in Ubuntu:
  Fix Released
Status in d-conf source package in Bionic:
  Fix Committed
Status in dconf source package in Bionic:
  Triaged
Status in gnome-session source package in Bionic:
  Triaged
Status in session-migration source package in Bionic:
  Fix Released

Bug description:
  The release of Ubuntu you are using (lsb_release -rd):
  Description:  Ubuntu 17.10
  Release:  17.10

  This is a fresh installation of Ubuntu 17.10 from the mini.iso.
  I select only default options + [Ubuntu Desktop] installation.

  What you expected to happen:
  My home folder contains the following folders with correct and safe 
permissions after the first login:
  drwx-- 11 user user 4096 Dec  2 17:40 .config
  drwx--  3 user user 4096 Dec  2 17:39 .local

  What happened instead:
  I received these folders after the first login:
  drwxr-xr-x 11 user user 4096 Dec  2 17:40 .config
  drwxr-xr-x  3 user user 4096 Dec  2 17:39 .local
  It is not safe. Any user can access to my .config folders and read for 
example my mail databases

  I'm trying to create a new user...:
  sudo useradd -m user2
  sudo passwd user2
  ... and login then.
  It has the same problem:
  drwxr-xr-x 10 user2 user2 4096 Dec  2 19:44 .config
  drwxr-xr-x  3 user2 user2 4096 Dec  2 19:44 .local

To manage notifications about this bug go to:
https://bugs.launchpad.net/dconf/+bug/1735929/+subscriptions

-- 
Mailing list: https://launchpad.net/~dx-packages
Post to : dx-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~dx-packages
More help   : https://help.launchpad.net/ListHelp

[Dx-packages] [Bug 1735929] Re: security problems with incorrect permissions for ubuntu 17.10

[dino99]

Yeah but that tweak is quite dirty: try to downgrade from
0.26.1-3ubuntu2 to 0.26.0-2ubuntu3, and you are proposed to remove half
of the packages list.

Maybe set the proposed version higher than the previous proposed one to
bypass that issue.

-- 
You received this bug notification because you are a member of DX
Packages, which is subscribed to d-conf in Ubuntu.
Matching subscriptions: dx-packages
https://bugs.launchpad.net/bugs/1735929

Title:
  security problems with incorrect permissions for ubuntu 17.10

Status in dconf:
  Confirmed
Status in gnome-session:
  Confirmed
Status in d-conf package in Ubuntu:
  Fix Committed
Status in dconf package in Ubuntu:
  Triaged
Status in gnome-session package in Ubuntu:
  Triaged
Status in session-migration package in Ubuntu:
  Fix Released
Status in d-conf source package in Bionic:
  Fix Committed
Status in dconf source package in Bionic:
  Triaged
Status in gnome-session source package in Bionic:
  Triaged
Status in session-migration source package in Bionic:
  Fix Released

Bug description:
  The release of Ubuntu you are using (lsb_release -rd):
  Description:  Ubuntu 17.10
  Release:  17.10

  This is a fresh installation of Ubuntu 17.10 from the mini.iso.
  I select only default options + [Ubuntu Desktop] installation.

  What you expected to happen:
  My home folder contains the following folders with correct and safe 
permissions after the first login:
  drwx-- 11 user user 4096 Dec  2 17:40 .config
  drwx--  3 user user 4096 Dec  2 17:39 .local

  What happened instead:
  I received these folders after the first login:
  drwxr-xr-x 11 user user 4096 Dec  2 17:40 .config
  drwxr-xr-x  3 user user 4096 Dec  2 17:39 .local
  It is not safe. Any user can access to my .config folders and read for 
example my mail databases

  I'm trying to create a new user...:
  sudo useradd -m user2
  sudo passwd user2
  ... and login then.
  It has the same problem:
  drwxr-xr-x 10 user2 user2 4096 Dec  2 19:44 .config
  drwxr-xr-x  3 user2 user2 4096 Dec  2 19:44 .local

To manage notifications about this bug go to:
https://bugs.launchpad.net/dconf/+bug/1735929/+subscriptions

-- 
Mailing list: https://launchpad.net/~dx-packages
Post to : dx-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~dx-packages
More help   : https://help.launchpad.net/ListHelp

[Dx-packages] [Bug 1735929] Re: security problems with incorrect permissions for ubuntu 17.10

[Sebastien Bacher]

No, that was "dconf" (rename) and that never migrated to bionic due to
armhf autopkgtest issues, I deleted that version to land that fix, the
update can be uploaded again if someone figures out the test issues

-- 
You received this bug notification because you are a member of DX
Packages, which is subscribed to d-conf in Ubuntu.
Matching subscriptions: dx-packages
https://bugs.launchpad.net/bugs/1735929

Title:
  security problems with incorrect permissions for ubuntu 17.10

Status in dconf:
  Confirmed
Status in gnome-session:
  Confirmed
Status in d-conf package in Ubuntu:
  Fix Committed
Status in dconf package in Ubuntu:
  Triaged
Status in gnome-session package in Ubuntu:
  Triaged
Status in session-migration package in Ubuntu:
  Fix Released
Status in d-conf source package in Bionic:
  Fix Committed
Status in dconf source package in Bionic:
  Triaged
Status in gnome-session source package in Bionic:
  Triaged
Status in session-migration source package in Bionic:
  Fix Released

Bug description:
  The release of Ubuntu you are using (lsb_release -rd):
  Description:  Ubuntu 17.10
  Release:  17.10

  This is a fresh installation of Ubuntu 17.10 from the mini.iso.
  I select only default options + [Ubuntu Desktop] installation.

  What you expected to happen:
  My home folder contains the following folders with correct and safe 
permissions after the first login:
  drwx-- 11 user user 4096 Dec  2 17:40 .config
  drwx--  3 user user 4096 Dec  2 17:39 .local

  What happened instead:
  I received these folders after the first login:
  drwxr-xr-x 11 user user 4096 Dec  2 17:40 .config
  drwxr-xr-x  3 user user 4096 Dec  2 17:39 .local
  It is not safe. Any user can access to my .config folders and read for 
example my mail databases

  I'm trying to create a new user...:
  sudo useradd -m user2
  sudo passwd user2
  ... and login then.
  It has the same problem:
  drwxr-xr-x 10 user2 user2 4096 Dec  2 19:44 .config
  drwxr-xr-x  3 user2 user2 4096 Dec  2 19:44 .local

To manage notifications about this bug go to:
https://bugs.launchpad.net/dconf/+bug/1735929/+subscriptions

-- 
Mailing list: https://launchpad.net/~dx-packages
Post to : dx-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~dx-packages
More help   : https://help.launchpad.net/ListHelp

[Dx-packages] [Bug 1735929] Re: security problems with incorrect permissions for ubuntu 17.10

[dino99]

d-conf (0.26.0-2ubuntu3) bionic; urgency=medium

  * 0001-Don-t-create-the-user-config-dir-as-world-readable.patch:
- create the config dir with permissions 700 so it's not world readable
  (lp: #1735929)

 -- Sebastien Bacher   Thu, 29 Mar 2018 11:01:28
+0200


uh !! bionic-proposed is already at 0.26.1-3ubuntu2

so 0.26.0-2ubuntu3 is supposed to be uploaded to Artful archive , not
bionic.

-- 
You received this bug notification because you are a member of DX
Packages, which is subscribed to d-conf in Ubuntu.
Matching subscriptions: dx-packages
https://bugs.launchpad.net/bugs/1735929

Title:
  security problems with incorrect permissions for ubuntu 17.10

Status in dconf:
  Confirmed
Status in gnome-session:
  Confirmed
Status in d-conf package in Ubuntu:
  Fix Committed
Status in dconf package in Ubuntu:
  Triaged
Status in gnome-session package in Ubuntu:
  Triaged
Status in session-migration package in Ubuntu:
  Fix Released
Status in d-conf source package in Bionic:
  Fix Committed
Status in dconf source package in Bionic:
  Triaged
Status in gnome-session source package in Bionic:
  Triaged
Status in session-migration source package in Bionic:
  Fix Released

Bug description:
  The release of Ubuntu you are using (lsb_release -rd):
  Description:  Ubuntu 17.10
  Release:  17.10

  This is a fresh installation of Ubuntu 17.10 from the mini.iso.
  I select only default options + [Ubuntu Desktop] installation.

  What you expected to happen:
  My home folder contains the following folders with correct and safe 
permissions after the first login:
  drwx-- 11 user user 4096 Dec  2 17:40 .config
  drwx--  3 user user 4096 Dec  2 17:39 .local

  What happened instead:
  I received these folders after the first login:
  drwxr-xr-x 11 user user 4096 Dec  2 17:40 .config
  drwxr-xr-x  3 user user 4096 Dec  2 17:39 .local
  It is not safe. Any user can access to my .config folders and read for 
example my mail databases

  I'm trying to create a new user...:
  sudo useradd -m user2
  sudo passwd user2
  ... and login then.
  It has the same problem:
  drwxr-xr-x 10 user2 user2 4096 Dec  2 19:44 .config
  drwxr-xr-x  3 user2 user2 4096 Dec  2 19:44 .local

To manage notifications about this bug go to:
https://bugs.launchpad.net/dconf/+bug/1735929/+subscriptions

-- 
Mailing list: https://launchpad.net/~dx-packages
Post to : dx-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~dx-packages
More help   : https://help.launchpad.net/ListHelp

[Dx-packages] [Bug 1735929] Re: security problems with incorrect permissions for ubuntu 17.10

[Sebastien Bacher]

** Changed in: d-conf (Ubuntu Bionic)
   Status: Triaged => Fix Committed

-- 
You received this bug notification because you are a member of DX
Packages, which is subscribed to d-conf in Ubuntu.
Matching subscriptions: dx-packages
https://bugs.launchpad.net/bugs/1735929

Title:
  security problems with incorrect permissions for ubuntu 17.10

Status in dconf:
  Confirmed
Status in gnome-session:
  Confirmed
Status in d-conf package in Ubuntu:
  Fix Committed
Status in dconf package in Ubuntu:
  Triaged
Status in gnome-session package in Ubuntu:
  Triaged
Status in session-migration package in Ubuntu:
  Fix Released
Status in d-conf source package in Bionic:
  Fix Committed
Status in dconf source package in Bionic:
  Triaged
Status in gnome-session source package in Bionic:
  Triaged
Status in session-migration source package in Bionic:
  Fix Released

Bug description:
  The release of Ubuntu you are using (lsb_release -rd):
  Description:  Ubuntu 17.10
  Release:  17.10

  This is a fresh installation of Ubuntu 17.10 from the mini.iso.
  I select only default options + [Ubuntu Desktop] installation.

  What you expected to happen:
  My home folder contains the following folders with correct and safe 
permissions after the first login:
  drwx-- 11 user user 4096 Dec  2 17:40 .config
  drwx--  3 user user 4096 Dec  2 17:39 .local

  What happened instead:
  I received these folders after the first login:
  drwxr-xr-x 11 user user 4096 Dec  2 17:40 .config
  drwxr-xr-x  3 user user 4096 Dec  2 17:39 .local
  It is not safe. Any user can access to my .config folders and read for 
example my mail databases

  I'm trying to create a new user...:
  sudo useradd -m user2
  sudo passwd user2
  ... and login then.
  It has the same problem:
  drwxr-xr-x 10 user2 user2 4096 Dec  2 19:44 .config
  drwxr-xr-x  3 user2 user2 4096 Dec  2 19:44 .local

To manage notifications about this bug go to:
https://bugs.launchpad.net/dconf/+bug/1735929/+subscriptions

-- 
Mailing list: https://launchpad.net/~dx-packages
Post to : dx-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~dx-packages
More help   : https://help.launchpad.net/ListHelp

[Dx-packages] [Bug 1150792] Re: zeitgeist-daemon crashed with SIGABRT in zeitgeist_engine_insert_event()

[Launchpad Bug Tracker]

Status changed to 'Confirmed' because the bug affects multiple users.

** Changed in: zeitgeist (Ubuntu)
   Status: New => Confirmed

-- 
You received this bug notification because you are a member of DX
Packages, which is subscribed to zeitgeist in Ubuntu.
Matching subscriptions: dx-packages
https://bugs.launchpad.net/bugs/1150792

Title:
  zeitgeist-daemon crashed with SIGABRT in
  zeitgeist_engine_insert_event()

Status in zeitgeist package in Ubuntu:
  Confirmed

Bug description:
  Description:  Ubuntu Raring Ringtail (development branch)
  Release:  13.04
  Ubuntu Software Center: 5.5.5

  ProblemType: Crash
  DistroRelease: Ubuntu 13.04
  Package: zeitgeist-core 0.9.5-0ubuntu1
  ProcVersionSignature: Ubuntu 3.8.0-9.18-generic 3.8.1
  Uname: Linux 3.8.0-9-generic x86_64
  NonfreeKernelModules: fglrx
  ApportVersion: 2.9-0ubuntu2
  Architecture: amd64
  Date: Wed Mar  6 18:18:13 2013
  ExecutablePath: /usr/bin/zeitgeist-daemon
  InstallationDate: Installed on 2013-03-03 (3 days ago)
  InstallationMedia: Ubuntu 13.04 "Raring Ringtail" - Alpha amd64 (20130302)
  MarkForUpload: True
  ProcCmdline: /usr/bin/zeitgeist-daemon
  Signal: 6
  SourcePackage: zeitgeist
  StacktraceTop:
   zeitgeist_engine_insert_events ()
   _start ()
  Title: zeitgeist-daemon crashed with SIGABRT in 
zeitgeist_engine_insert_events()
  UpgradeStatus: No upgrade log present (probably fresh install)
  UserGroups: adm cdrom dip lpadmin plugdev sambashare sudo

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/zeitgeist/+bug/1150792/+subscriptions

-- 
Mailing list: https://launchpad.net/~dx-packages
Post to : dx-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~dx-packages
More help   : https://help.launchpad.net/ListHelp