[Dx-packages] [Bug 1426362] Re: logind session files fill up /run space
All sessions appear in closing state, here's another one: $ loginctl show-session 77 Id=77 User=1004 Name=raccess Timestamp=Чт 2018-03-29 20:30:02 MSK TimestampMonotonic=2363185101 VTNr=0 Remote=yes RemoteHost=216.126.59.227 Service=sshd Scope=session-77.scope Leader=3389 Audit=77 Type=tty Class=user Active=yes State=closing IdleHint=no IdleSinceHint=0 IdleSinceHintMonotonic=0 -- You received this bug notification because you are a member of DX Packages, which is subscribed to systemd-shim in Ubuntu. https://bugs.launchpad.net/bugs/1426362 Title: logind session files fill up /run space Status in systemd-shim package in Ubuntu: Confirmed Bug description: Under Ubuntu 14.10 (server), systemd fills up /run/systemd/sessions directory with files. The files are 240-260 bytes, but there are many As per default install, /run is on tmpfs with 50 MB size. After a couple of days, /run/ runs out of free space, which can cause not so funny errors, like failed kernel update (kernel postinst tries to create files here, then fails) As I see, thesefiles are releated to ssh sesssions, and yes there are plenty SSH connection to this host. Shouldn't systemd remove these old session files? # lsb_release -rd Description:Ubuntu 14.10 Release:14.10 # apt-cache policy systemd systemd: Installed: 208-8ubuntu8.2 Candidate: 208-8ubuntu8.2 Version table: *** 208-8ubuntu8.2 0 500 http://hu.archive.ubuntu.com/ubuntu/ utopic-updates/main amd64 Packages 100 /var/lib/dpkg/status 208-8ubuntu8 0 500 http://hu.archive.ubuntu.com/ubuntu/ utopic/main amd64 Packages To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/systemd-shim/+bug/1426362/+subscriptions -- Mailing list: https://launchpad.net/~dx-packages Post to : dx-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~dx-packages More help : https://help.launchpad.net/ListHelp
[Dx-packages] [Bug 1426362] Re: logind session files fill up /run space
I am having the same issue on Ubuntu 16.04 now. All sessions appear to be for one user that is used for incoming ssh connections for rsync. Here's an example: $ loginctl show-session 59 Id=59 User=1004 Name=raccess Timestamp=Чт 2018-03-29 20:20:03 MSK TimestampMonotonic=1763641802 VTNr=0 Remote=yes RemoteHost=216.126.59.227 Service=sshd Scope=session-59.scope Leader=2814 Audit=59 Type=tty Class=user Active=yes State=closing IdleHint=no IdleSinceHint=0 IdleSinceHintMonotonic=0 I don't see any processes running under user raccess apart from system ones: $ ps aux | grep raccess | grep -v grep raccess 2822 0.0 1.6 6384 4132 ?Ss 20:20 0:00 /lib/systemd/systemd --user raccess 2823 0.0 0.4 7316 1096 ?S20:20 0:00 (sd-pam) And here's an output of lsof -u raccess: https://pbin.cf/444b2d29 This is happening on two servers. -- You received this bug notification because you are a member of DX Packages, which is subscribed to systemd-shim in Ubuntu. https://bugs.launchpad.net/bugs/1426362 Title: logind session files fill up /run space Status in systemd-shim package in Ubuntu: Confirmed Bug description: Under Ubuntu 14.10 (server), systemd fills up /run/systemd/sessions directory with files. The files are 240-260 bytes, but there are many As per default install, /run is on tmpfs with 50 MB size. After a couple of days, /run/ runs out of free space, which can cause not so funny errors, like failed kernel update (kernel postinst tries to create files here, then fails) As I see, thesefiles are releated to ssh sesssions, and yes there are plenty SSH connection to this host. Shouldn't systemd remove these old session files? # lsb_release -rd Description:Ubuntu 14.10 Release:14.10 # apt-cache policy systemd systemd: Installed: 208-8ubuntu8.2 Candidate: 208-8ubuntu8.2 Version table: *** 208-8ubuntu8.2 0 500 http://hu.archive.ubuntu.com/ubuntu/ utopic-updates/main amd64 Packages 100 /var/lib/dpkg/status 208-8ubuntu8 0 500 http://hu.archive.ubuntu.com/ubuntu/ utopic/main amd64 Packages To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/systemd-shim/+bug/1426362/+subscriptions -- Mailing list: https://launchpad.net/~dx-packages Post to : dx-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~dx-packages More help : https://help.launchpad.net/ListHelp
[Dx-packages] [Bug 1735929] Re: security problems with incorrect permissions for ubuntu 17.10
The weird version is no-go, bionic-proposed is not supposed to be used, it's a pocket designed for packages testing and validation, if you opt in for that you should know what you are doing. It's easy enough to go back, just install dconf-server/bionic libdconf1/bionic etc for all the dconf binaries you need -- You received this bug notification because you are a member of DX Packages, which is subscribed to d-conf in Ubuntu. Matching subscriptions: dx-packages https://bugs.launchpad.net/bugs/1735929 Title: security problems with incorrect permissions for ubuntu 17.10 Status in dconf: Confirmed Status in gnome-session: Confirmed Status in d-conf package in Ubuntu: Fix Released Status in dconf package in Ubuntu: Triaged Status in gnome-session package in Ubuntu: Triaged Status in session-migration package in Ubuntu: Fix Released Status in d-conf source package in Bionic: Fix Released Status in dconf source package in Bionic: Triaged Status in gnome-session source package in Bionic: Triaged Status in session-migration source package in Bionic: Fix Released Bug description: The release of Ubuntu you are using (lsb_release -rd): Description: Ubuntu 17.10 Release: 17.10 This is a fresh installation of Ubuntu 17.10 from the mini.iso. I select only default options + [Ubuntu Desktop] installation. What you expected to happen: My home folder contains the following folders with correct and safe permissions after the first login: drwx-- 11 user user 4096 Dec 2 17:40 .config drwx-- 3 user user 4096 Dec 2 17:39 .local What happened instead: I received these folders after the first login: drwxr-xr-x 11 user user 4096 Dec 2 17:40 .config drwxr-xr-x 3 user user 4096 Dec 2 17:39 .local It is not safe. Any user can access to my .config folders and read for example my mail databases I'm trying to create a new user...: sudo useradd -m user2 sudo passwd user2 ... and login then. It has the same problem: drwxr-xr-x 10 user2 user2 4096 Dec 2 19:44 .config drwxr-xr-x 3 user2 user2 4096 Dec 2 19:44 .local To manage notifications about this bug go to: https://bugs.launchpad.net/dconf/+bug/1735929/+subscriptions -- Mailing list: https://launchpad.net/~dx-packages Post to : dx-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~dx-packages More help : https://help.launchpad.net/ListHelp
[Dx-packages] [Bug 1740637] Re: Remove python-appindicator and gir1.2-appindicator-0.1
** Description changed: gir1.2-appindicator-0.1 has no reverse dependencies (it is for gtk2 GObject Introspection) After removals are processed for other reasons, there are only 2 packages that recommend python-appindicator. It would be trivial to drop the recommends. Those 2 packages (deluge and gtk-recordmydesktop) are scheduled for autoremoval from Debian Testing in February because they use pygtk. $ reverse-depends python-appindicator Reverse-Recommends == * deluge-gtk - * gpodder — should be fixed once 3.10.0 is packaged * gtk-recordmydesktop - * sbackup-gtk — RM requested in LP: #1739800 - * winswitch — RM requested in LP: #1739797 Reverse-Depends === - * aws-status — RM requested in LP: #1739797 - * cherrytree — RM requested in LP: #1731725 - * glipper — RM requested in LP: #1739800 + * cherrytree — RM requested in LP: #1731725 (dependency on python-appindicator was already dropped early in bionic) * hamster-indicator — source is hamster-applet, RM requested in LP: #1739797 - * python-seelablet — RM requested in LP: #1740631 -- OTHER GTK2 REVERSE DEPENDS -- The other gtk2 libraries for libappindicator aren't planned for removal yet. - $ reverse-depends libappindicator0.1-cil Reverse-Depends === * banshee-extension-appindicator * libappindicator0.1-cil-dev * tasque * tomboy $ reverse-depends libappindicator1 Reverse-Recommends == * nautilus-dropbox * telegram-desktop Reverse-Depends === * alarm-clock-applet * clipit * gir1.2-appindicator-0.1 (proposed removal here) * gmpc * gnome-ppp * growl-for-linux * guake-indicator * gxkb * hime * indicator-application-gtk2 * libappindicator-dev * libappindicator0.1-cil * libgtk2-appindicator-perl (shutter is the only rdepends here, shutter still depends on libgnome though) * linuxdcpp * nitroshare * parcellite * python-appindicator (proposed removal here) * quicksynergy * wallch -- You received this bug notification because you are a member of DX Packages, which is subscribed to libappindicator in Ubuntu. Matching subscriptions: dx-packages https://bugs.launchpad.net/bugs/1740637 Title: Remove python-appindicator and gir1.2-appindicator-0.1 Status in libappindicator package in Ubuntu: New Bug description: gir1.2-appindicator-0.1 has no reverse dependencies (it is for gtk2 GObject Introspection) After removals are processed for other reasons, there are only 2 packages that recommend python-appindicator. It would be trivial to drop the recommends. Those 2 packages (deluge and gtk-recordmydesktop) are scheduled for autoremoval from Debian Testing in February because they use pygtk. $ reverse-depends python-appindicator Reverse-Recommends == * deluge-gtk * gtk-recordmydesktop Reverse-Depends === * cherrytree — RM requested in LP: #1731725 (dependency on python-appindicator was already dropped early in bionic) * hamster-indicator — source is hamster-applet, RM requested in LP: #1739797 -- OTHER GTK2 REVERSE DEPENDS -- The other gtk2 libraries for libappindicator aren't planned for removal yet. $ reverse-depends libappindicator0.1-cil Reverse-Depends === * banshee-extension-appindicator * libappindicator0.1-cil-dev * tasque * tomboy $ reverse-depends libappindicator1 Reverse-Recommends == * nautilus-dropbox * telegram-desktop Reverse-Depends === * alarm-clock-applet * clipit * gir1.2-appindicator-0.1 (proposed removal here) * gmpc * gnome-ppp * growl-for-linux * guake-indicator * gxkb * hime * indicator-application-gtk2 * libappindicator-dev * libappindicator0.1-cil * libgtk2-appindicator-perl (shutter is the only rdepends here, shutter still depends on libgnome though) * linuxdcpp * nitroshare * parcellite * python-appindicator (proposed removal here) * quicksynergy * wallch To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/libappindicator/+bug/1740637/+subscriptions -- Mailing list: https://launchpad.net/~dx-packages Post to : dx-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~dx-packages More help : https://help.launchpad.net/ListHelp
[Dx-packages] [Bug 1735929] Re: security problems with incorrect permissions for ubuntu 17.10
This bug was fixed in the package d-conf - 0.26.0-2ubuntu3 --- d-conf (0.26.0-2ubuntu3) bionic; urgency=medium * 0001-Don-t-create-the-user-config-dir-as-world-readable.patch: - create the config dir with permissions 700 so it's not world readable (lp: #1735929) -- Sebastien BacherThu, 29 Mar 2018 11:01:28 +0200 ** Changed in: d-conf (Ubuntu Bionic) Status: Fix Committed => Fix Released -- You received this bug notification because you are a member of DX Packages, which is subscribed to d-conf in Ubuntu. Matching subscriptions: dx-packages https://bugs.launchpad.net/bugs/1735929 Title: security problems with incorrect permissions for ubuntu 17.10 Status in dconf: Confirmed Status in gnome-session: Confirmed Status in d-conf package in Ubuntu: Fix Released Status in dconf package in Ubuntu: Triaged Status in gnome-session package in Ubuntu: Triaged Status in session-migration package in Ubuntu: Fix Released Status in d-conf source package in Bionic: Fix Released Status in dconf source package in Bionic: Triaged Status in gnome-session source package in Bionic: Triaged Status in session-migration source package in Bionic: Fix Released Bug description: The release of Ubuntu you are using (lsb_release -rd): Description: Ubuntu 17.10 Release: 17.10 This is a fresh installation of Ubuntu 17.10 from the mini.iso. I select only default options + [Ubuntu Desktop] installation. What you expected to happen: My home folder contains the following folders with correct and safe permissions after the first login: drwx-- 11 user user 4096 Dec 2 17:40 .config drwx-- 3 user user 4096 Dec 2 17:39 .local What happened instead: I received these folders after the first login: drwxr-xr-x 11 user user 4096 Dec 2 17:40 .config drwxr-xr-x 3 user user 4096 Dec 2 17:39 .local It is not safe. Any user can access to my .config folders and read for example my mail databases I'm trying to create a new user...: sudo useradd -m user2 sudo passwd user2 ... and login then. It has the same problem: drwxr-xr-x 10 user2 user2 4096 Dec 2 19:44 .config drwxr-xr-x 3 user2 user2 4096 Dec 2 19:44 .local To manage notifications about this bug go to: https://bugs.launchpad.net/dconf/+bug/1735929/+subscriptions -- Mailing list: https://launchpad.net/~dx-packages Post to : dx-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~dx-packages More help : https://help.launchpad.net/ListHelp
[Dx-packages] [Bug 1735929] Re: security problems with incorrect permissions for ubuntu 17.10
Next proposal: rename to 0.26.1-3ubuntu3+isreally+0.26.0-2ubuntu3 -- You received this bug notification because you are a member of DX Packages, which is subscribed to d-conf in Ubuntu. Matching subscriptions: dx-packages https://bugs.launchpad.net/bugs/1735929 Title: security problems with incorrect permissions for ubuntu 17.10 Status in dconf: Confirmed Status in gnome-session: Confirmed Status in d-conf package in Ubuntu: Fix Committed Status in dconf package in Ubuntu: Triaged Status in gnome-session package in Ubuntu: Triaged Status in session-migration package in Ubuntu: Fix Released Status in d-conf source package in Bionic: Fix Committed Status in dconf source package in Bionic: Triaged Status in gnome-session source package in Bionic: Triaged Status in session-migration source package in Bionic: Fix Released Bug description: The release of Ubuntu you are using (lsb_release -rd): Description: Ubuntu 17.10 Release: 17.10 This is a fresh installation of Ubuntu 17.10 from the mini.iso. I select only default options + [Ubuntu Desktop] installation. What you expected to happen: My home folder contains the following folders with correct and safe permissions after the first login: drwx-- 11 user user 4096 Dec 2 17:40 .config drwx-- 3 user user 4096 Dec 2 17:39 .local What happened instead: I received these folders after the first login: drwxr-xr-x 11 user user 4096 Dec 2 17:40 .config drwxr-xr-x 3 user user 4096 Dec 2 17:39 .local It is not safe. Any user can access to my .config folders and read for example my mail databases I'm trying to create a new user...: sudo useradd -m user2 sudo passwd user2 ... and login then. It has the same problem: drwxr-xr-x 10 user2 user2 4096 Dec 2 19:44 .config drwxr-xr-x 3 user2 user2 4096 Dec 2 19:44 .local To manage notifications about this bug go to: https://bugs.launchpad.net/dconf/+bug/1735929/+subscriptions -- Mailing list: https://launchpad.net/~dx-packages Post to : dx-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~dx-packages More help : https://help.launchpad.net/ListHelp
[Dx-packages] [Bug 1735929] Re: security problems with incorrect permissions for ubuntu 17.10
Also, this is why I try suggesting really strongly to you guys not to run -proposed during the development cycle because these kind of removals happen. (Maybe you just need to make sure you downgrade all the dconf binary packages at the same time.) -- You received this bug notification because you are a member of DX Packages, which is subscribed to d-conf in Ubuntu. Matching subscriptions: dx-packages https://bugs.launchpad.net/bugs/1735929 Title: security problems with incorrect permissions for ubuntu 17.10 Status in dconf: Confirmed Status in gnome-session: Confirmed Status in d-conf package in Ubuntu: Fix Committed Status in dconf package in Ubuntu: Triaged Status in gnome-session package in Ubuntu: Triaged Status in session-migration package in Ubuntu: Fix Released Status in d-conf source package in Bionic: Fix Committed Status in dconf source package in Bionic: Triaged Status in gnome-session source package in Bionic: Triaged Status in session-migration source package in Bionic: Fix Released Bug description: The release of Ubuntu you are using (lsb_release -rd): Description: Ubuntu 17.10 Release: 17.10 This is a fresh installation of Ubuntu 17.10 from the mini.iso. I select only default options + [Ubuntu Desktop] installation. What you expected to happen: My home folder contains the following folders with correct and safe permissions after the first login: drwx-- 11 user user 4096 Dec 2 17:40 .config drwx-- 3 user user 4096 Dec 2 17:39 .local What happened instead: I received these folders after the first login: drwxr-xr-x 11 user user 4096 Dec 2 17:40 .config drwxr-xr-x 3 user user 4096 Dec 2 17:39 .local It is not safe. Any user can access to my .config folders and read for example my mail databases I'm trying to create a new user...: sudo useradd -m user2 sudo passwd user2 ... and login then. It has the same problem: drwxr-xr-x 10 user2 user2 4096 Dec 2 19:44 .config drwxr-xr-x 3 user2 user2 4096 Dec 2 19:44 .local To manage notifications about this bug go to: https://bugs.launchpad.net/dconf/+bug/1735929/+subscriptions -- Mailing list: https://launchpad.net/~dx-packages Post to : dx-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~dx-packages More help : https://help.launchpad.net/ListHelp
[Dx-packages] [Bug 1735929] Re: security problems with incorrect permissions for ubuntu 17.10
dino99, we can't easily just set the version higher since the autopkgtest issue is triggered by 0.26.1 and higher versions. http://autopkgtest.ubuntu.com/packages/n/notify-osd/bionic/armhf -- You received this bug notification because you are a member of DX Packages, which is subscribed to d-conf in Ubuntu. Matching subscriptions: dx-packages https://bugs.launchpad.net/bugs/1735929 Title: security problems with incorrect permissions for ubuntu 17.10 Status in dconf: Confirmed Status in gnome-session: Confirmed Status in d-conf package in Ubuntu: Fix Committed Status in dconf package in Ubuntu: Triaged Status in gnome-session package in Ubuntu: Triaged Status in session-migration package in Ubuntu: Fix Released Status in d-conf source package in Bionic: Fix Committed Status in dconf source package in Bionic: Triaged Status in gnome-session source package in Bionic: Triaged Status in session-migration source package in Bionic: Fix Released Bug description: The release of Ubuntu you are using (lsb_release -rd): Description: Ubuntu 17.10 Release: 17.10 This is a fresh installation of Ubuntu 17.10 from the mini.iso. I select only default options + [Ubuntu Desktop] installation. What you expected to happen: My home folder contains the following folders with correct and safe permissions after the first login: drwx-- 11 user user 4096 Dec 2 17:40 .config drwx-- 3 user user 4096 Dec 2 17:39 .local What happened instead: I received these folders after the first login: drwxr-xr-x 11 user user 4096 Dec 2 17:40 .config drwxr-xr-x 3 user user 4096 Dec 2 17:39 .local It is not safe. Any user can access to my .config folders and read for example my mail databases I'm trying to create a new user...: sudo useradd -m user2 sudo passwd user2 ... and login then. It has the same problem: drwxr-xr-x 10 user2 user2 4096 Dec 2 19:44 .config drwxr-xr-x 3 user2 user2 4096 Dec 2 19:44 .local To manage notifications about this bug go to: https://bugs.launchpad.net/dconf/+bug/1735929/+subscriptions -- Mailing list: https://launchpad.net/~dx-packages Post to : dx-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~dx-packages More help : https://help.launchpad.net/ListHelp
[Dx-packages] [Bug 1735929] Re: security problems with incorrect permissions for ubuntu 17.10
Yeah but that tweak is quite dirty: try to downgrade from 0.26.1-3ubuntu2 to 0.26.0-2ubuntu3, and you are proposed to remove half of the packages list. Maybe set the proposed version higher than the previous proposed one to bypass that issue. -- You received this bug notification because you are a member of DX Packages, which is subscribed to d-conf in Ubuntu. Matching subscriptions: dx-packages https://bugs.launchpad.net/bugs/1735929 Title: security problems with incorrect permissions for ubuntu 17.10 Status in dconf: Confirmed Status in gnome-session: Confirmed Status in d-conf package in Ubuntu: Fix Committed Status in dconf package in Ubuntu: Triaged Status in gnome-session package in Ubuntu: Triaged Status in session-migration package in Ubuntu: Fix Released Status in d-conf source package in Bionic: Fix Committed Status in dconf source package in Bionic: Triaged Status in gnome-session source package in Bionic: Triaged Status in session-migration source package in Bionic: Fix Released Bug description: The release of Ubuntu you are using (lsb_release -rd): Description: Ubuntu 17.10 Release: 17.10 This is a fresh installation of Ubuntu 17.10 from the mini.iso. I select only default options + [Ubuntu Desktop] installation. What you expected to happen: My home folder contains the following folders with correct and safe permissions after the first login: drwx-- 11 user user 4096 Dec 2 17:40 .config drwx-- 3 user user 4096 Dec 2 17:39 .local What happened instead: I received these folders after the first login: drwxr-xr-x 11 user user 4096 Dec 2 17:40 .config drwxr-xr-x 3 user user 4096 Dec 2 17:39 .local It is not safe. Any user can access to my .config folders and read for example my mail databases I'm trying to create a new user...: sudo useradd -m user2 sudo passwd user2 ... and login then. It has the same problem: drwxr-xr-x 10 user2 user2 4096 Dec 2 19:44 .config drwxr-xr-x 3 user2 user2 4096 Dec 2 19:44 .local To manage notifications about this bug go to: https://bugs.launchpad.net/dconf/+bug/1735929/+subscriptions -- Mailing list: https://launchpad.net/~dx-packages Post to : dx-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~dx-packages More help : https://help.launchpad.net/ListHelp
[Dx-packages] [Bug 1735929] Re: security problems with incorrect permissions for ubuntu 17.10
No, that was "dconf" (rename) and that never migrated to bionic due to armhf autopkgtest issues, I deleted that version to land that fix, the update can be uploaded again if someone figures out the test issues -- You received this bug notification because you are a member of DX Packages, which is subscribed to d-conf in Ubuntu. Matching subscriptions: dx-packages https://bugs.launchpad.net/bugs/1735929 Title: security problems with incorrect permissions for ubuntu 17.10 Status in dconf: Confirmed Status in gnome-session: Confirmed Status in d-conf package in Ubuntu: Fix Committed Status in dconf package in Ubuntu: Triaged Status in gnome-session package in Ubuntu: Triaged Status in session-migration package in Ubuntu: Fix Released Status in d-conf source package in Bionic: Fix Committed Status in dconf source package in Bionic: Triaged Status in gnome-session source package in Bionic: Triaged Status in session-migration source package in Bionic: Fix Released Bug description: The release of Ubuntu you are using (lsb_release -rd): Description: Ubuntu 17.10 Release: 17.10 This is a fresh installation of Ubuntu 17.10 from the mini.iso. I select only default options + [Ubuntu Desktop] installation. What you expected to happen: My home folder contains the following folders with correct and safe permissions after the first login: drwx-- 11 user user 4096 Dec 2 17:40 .config drwx-- 3 user user 4096 Dec 2 17:39 .local What happened instead: I received these folders after the first login: drwxr-xr-x 11 user user 4096 Dec 2 17:40 .config drwxr-xr-x 3 user user 4096 Dec 2 17:39 .local It is not safe. Any user can access to my .config folders and read for example my mail databases I'm trying to create a new user...: sudo useradd -m user2 sudo passwd user2 ... and login then. It has the same problem: drwxr-xr-x 10 user2 user2 4096 Dec 2 19:44 .config drwxr-xr-x 3 user2 user2 4096 Dec 2 19:44 .local To manage notifications about this bug go to: https://bugs.launchpad.net/dconf/+bug/1735929/+subscriptions -- Mailing list: https://launchpad.net/~dx-packages Post to : dx-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~dx-packages More help : https://help.launchpad.net/ListHelp
[Dx-packages] [Bug 1735929] Re: security problems with incorrect permissions for ubuntu 17.10
d-conf (0.26.0-2ubuntu3) bionic; urgency=medium * 0001-Don-t-create-the-user-config-dir-as-world-readable.patch: - create the config dir with permissions 700 so it's not world readable (lp: #1735929) -- Sebastien BacherThu, 29 Mar 2018 11:01:28 +0200 uh !! bionic-proposed is already at 0.26.1-3ubuntu2 so 0.26.0-2ubuntu3 is supposed to be uploaded to Artful archive , not bionic. -- You received this bug notification because you are a member of DX Packages, which is subscribed to d-conf in Ubuntu. Matching subscriptions: dx-packages https://bugs.launchpad.net/bugs/1735929 Title: security problems with incorrect permissions for ubuntu 17.10 Status in dconf: Confirmed Status in gnome-session: Confirmed Status in d-conf package in Ubuntu: Fix Committed Status in dconf package in Ubuntu: Triaged Status in gnome-session package in Ubuntu: Triaged Status in session-migration package in Ubuntu: Fix Released Status in d-conf source package in Bionic: Fix Committed Status in dconf source package in Bionic: Triaged Status in gnome-session source package in Bionic: Triaged Status in session-migration source package in Bionic: Fix Released Bug description: The release of Ubuntu you are using (lsb_release -rd): Description: Ubuntu 17.10 Release: 17.10 This is a fresh installation of Ubuntu 17.10 from the mini.iso. I select only default options + [Ubuntu Desktop] installation. What you expected to happen: My home folder contains the following folders with correct and safe permissions after the first login: drwx-- 11 user user 4096 Dec 2 17:40 .config drwx-- 3 user user 4096 Dec 2 17:39 .local What happened instead: I received these folders after the first login: drwxr-xr-x 11 user user 4096 Dec 2 17:40 .config drwxr-xr-x 3 user user 4096 Dec 2 17:39 .local It is not safe. Any user can access to my .config folders and read for example my mail databases I'm trying to create a new user...: sudo useradd -m user2 sudo passwd user2 ... and login then. It has the same problem: drwxr-xr-x 10 user2 user2 4096 Dec 2 19:44 .config drwxr-xr-x 3 user2 user2 4096 Dec 2 19:44 .local To manage notifications about this bug go to: https://bugs.launchpad.net/dconf/+bug/1735929/+subscriptions -- Mailing list: https://launchpad.net/~dx-packages Post to : dx-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~dx-packages More help : https://help.launchpad.net/ListHelp
[Dx-packages] [Bug 1735929] Re: security problems with incorrect permissions for ubuntu 17.10
** Changed in: d-conf (Ubuntu Bionic) Status: Triaged => Fix Committed -- You received this bug notification because you are a member of DX Packages, which is subscribed to d-conf in Ubuntu. Matching subscriptions: dx-packages https://bugs.launchpad.net/bugs/1735929 Title: security problems with incorrect permissions for ubuntu 17.10 Status in dconf: Confirmed Status in gnome-session: Confirmed Status in d-conf package in Ubuntu: Fix Committed Status in dconf package in Ubuntu: Triaged Status in gnome-session package in Ubuntu: Triaged Status in session-migration package in Ubuntu: Fix Released Status in d-conf source package in Bionic: Fix Committed Status in dconf source package in Bionic: Triaged Status in gnome-session source package in Bionic: Triaged Status in session-migration source package in Bionic: Fix Released Bug description: The release of Ubuntu you are using (lsb_release -rd): Description: Ubuntu 17.10 Release: 17.10 This is a fresh installation of Ubuntu 17.10 from the mini.iso. I select only default options + [Ubuntu Desktop] installation. What you expected to happen: My home folder contains the following folders with correct and safe permissions after the first login: drwx-- 11 user user 4096 Dec 2 17:40 .config drwx-- 3 user user 4096 Dec 2 17:39 .local What happened instead: I received these folders after the first login: drwxr-xr-x 11 user user 4096 Dec 2 17:40 .config drwxr-xr-x 3 user user 4096 Dec 2 17:39 .local It is not safe. Any user can access to my .config folders and read for example my mail databases I'm trying to create a new user...: sudo useradd -m user2 sudo passwd user2 ... and login then. It has the same problem: drwxr-xr-x 10 user2 user2 4096 Dec 2 19:44 .config drwxr-xr-x 3 user2 user2 4096 Dec 2 19:44 .local To manage notifications about this bug go to: https://bugs.launchpad.net/dconf/+bug/1735929/+subscriptions -- Mailing list: https://launchpad.net/~dx-packages Post to : dx-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~dx-packages More help : https://help.launchpad.net/ListHelp
[Dx-packages] [Bug 1150792] Re: zeitgeist-daemon crashed with SIGABRT in zeitgeist_engine_insert_event()
Status changed to 'Confirmed' because the bug affects multiple users. ** Changed in: zeitgeist (Ubuntu) Status: New => Confirmed -- You received this bug notification because you are a member of DX Packages, which is subscribed to zeitgeist in Ubuntu. Matching subscriptions: dx-packages https://bugs.launchpad.net/bugs/1150792 Title: zeitgeist-daemon crashed with SIGABRT in zeitgeist_engine_insert_event() Status in zeitgeist package in Ubuntu: Confirmed Bug description: Description: Ubuntu Raring Ringtail (development branch) Release: 13.04 Ubuntu Software Center: 5.5.5 ProblemType: Crash DistroRelease: Ubuntu 13.04 Package: zeitgeist-core 0.9.5-0ubuntu1 ProcVersionSignature: Ubuntu 3.8.0-9.18-generic 3.8.1 Uname: Linux 3.8.0-9-generic x86_64 NonfreeKernelModules: fglrx ApportVersion: 2.9-0ubuntu2 Architecture: amd64 Date: Wed Mar 6 18:18:13 2013 ExecutablePath: /usr/bin/zeitgeist-daemon InstallationDate: Installed on 2013-03-03 (3 days ago) InstallationMedia: Ubuntu 13.04 "Raring Ringtail" - Alpha amd64 (20130302) MarkForUpload: True ProcCmdline: /usr/bin/zeitgeist-daemon Signal: 6 SourcePackage: zeitgeist StacktraceTop: zeitgeist_engine_insert_events () _start () Title: zeitgeist-daemon crashed with SIGABRT in zeitgeist_engine_insert_events() UpgradeStatus: No upgrade log present (probably fresh install) UserGroups: adm cdrom dip lpadmin plugdev sambashare sudo To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/zeitgeist/+bug/1150792/+subscriptions -- Mailing list: https://launchpad.net/~dx-packages Post to : dx-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~dx-packages More help : https://help.launchpad.net/ListHelp