[Bug 299560] Re: Insecure xfs start/stop script

2010-03-17 Thread Artur Rona
xfs (1:1.0.8-6) unstable; urgency=low

  * QA upload.
  * Unsafe /tmp usage fixed in the init script. (Closes: #521107)
 -- Ubuntu Archive Auto-Sync  arch...@ubuntu.com   Mon,  30 Nov 2009 23:47:14 
+

** Changed in: xfs (Ubuntu)
   Status: Triaged => Fix Released

-- 
Insecure xfs start/stop script
https://bugs.launchpad.net/bugs/299560
You received this bug notification because you are a member of Ubuntu
Bugs, which is a direct subscriber.

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs


[Bug 299560] Re: Insecure xfs start/stop script

2009-11-18 Thread Bug Watch Updater
** Changed in: xfs (Debian)
   Status: New => Fix Released



[Bug 299560] Re: Insecure xfs start/stop script

2009-10-07 Thread Bug Watch Updater
** Changed in: xfs (Debian)
   Status: Unknown => New



[Bug 299560] Re: Insecure xfs start/stop script

2009-09-02 Thread Bryce Harrington
** Tags added: hardy



[Bug 299560] Re: Insecure xfs start/stop script

2009-03-24 Thread Kees Cook
** Changed in: xfs (Ubuntu)
   Importance: Undecided => Low

** Changed in: xfs (Ubuntu)
   Status: Incomplete => Triaged



[Bug 299560] Re: Insecure xfs start/stop script

2009-03-24 Thread Kees Cook
** Bug watch added: Debian Bug tracker #521107
   http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=521107

** Also affects: xfs (Debian) via
   http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=521107
   Importance: Unknown
   Status: Unknown



[Bug 299560] Re: Insecure xfs start/stop script

2009-01-17 Thread Bryce Harrington
** Description changed:

  Binary package hint: xfs
  
  The xfs start/stop script /etc/init.d/xfs is insecure. There is a
  problematic function set_up_socket_dir in this script:
  
  SOCKET_DIR=/tmp/.font-unix
  [...]
  set_up_socket_dir () {
    echo -n Setting up X font server socket directory $SOCKET_DIR...
    if [ -e $SOCKET_DIR ] && ! [ -d $SOCKET_DIR ]; then
      mv $SOCKET_DIR $SOCKET_DIR.$$
    fi
    if ! [ -d $SOCKET_DIR ]; then
      mkdir -m 1777 $SOCKET_DIR || :
      do_restorecon $SOCKET_DIR || :
    fi
    echo done.
  }
  
  This function moves /tmp/.font-unix to /tmp/.font-unix.$$. Unfortunately
  $$ is predictable and there is no test that /tmp/.font-unix.$$ does not
  already exist. So especially symlink attacks are possible. The attack is
  only possible if /tmp/.font-unix does not already exist. Then an
  attacker could create a /tmp/.font-unix file (not directory) and create
  some symlinks in the form /tmp/.font-unix.<PID> (where <PID> are possible
  PID numbers). The start script then moves /tmp/.font-unix to a
  symlinked directory /tmp/.font-unix.<PID>.
  
  I suggest deleting the contents of /tmp/.font-unix if this file is not
  a directory. For instance rm -rf /tmp/.font-unix should be ok (rm
  from coreutils should be safe). A possible fix is also described here:
  https://bugzilla.novell.com/show_bug.cgi?id=408006
  
- The problem was found in Ubuntu 8.04 (xfs-1:1.0.5-2). An exploit idea is
- attached.
+ The problem was found in Ubuntu 8.04 (xfs-1:1.0.5-2). An exploit idea is 
attached.
+ [lspci]
+ 00:00.0 Host bridge [0600]: ATI Technologies Inc RS200/RS200M AGP Bridge [IGP 
340M] [1002:cbb2] (rev 02)
+   Subsystem: Sony Corporation Device [104d:8175]
+ 01:05.0 VGA compatible controller [0300]: ATI Technologies Inc M9+ 5C61 
[Radeon Mobility 9200 (AGP)] [1002:5c61] (rev 01)
+   Subsystem: Sony Corporation Device [104d:8175]

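
The suggestion in the description above (remove a non-directory at the socket path instead of renaming it to a `$$`-suffixed name) can be checked with the following added example. It is not the fix shipped in xfs 1:1.0.8-6 and not code from this thread; the function names, the directory-as-argument interface and the scratch-directory scenario are assumptions made for the demonstration.

```shell
#!/bin/sh
# Added example, not the Debian/Ubuntu init script. The directory is passed as
# an argument (assumption) so the function can be tried in a scratch location.

set_up_socket_dir_safe() {
    dir=$1
    # [ -d ] follows symlinks, so test -L explicitly: a symlink to a directory
    # must not be accepted as the socket directory.
    if [ -L "$dir" ] || { [ -e "$dir" ] && ! [ -d "$dir" ]; }; then
        # rm on the bare name unlinks the symlink or file itself; nothing is
        # renamed to a guessable $dir.$$ name, so a pre-planted link is unused.
        rm -rf -- "$dir" || return 1
    fi
    if ! [ -d "$dir" ]; then
        # mkdir(2) fails with EEXIST on anything already there, including a
        # dangling symlink, so a name re-planted in the gap is an error.
        mkdir -m 1777 -- "$dir" || return 1
    fi
    # Final state must be a real directory, not a link.
    [ -d "$dir" ] && ! [ -L "$dir" ]
}

# Constructed scenario from the report: a non-directory squats on the socket
# path and a symlink to another directory sits at the "$dir.$$" name.
# Prints the resulting mode string and how many entries the link target holds.
run_scenario() {
    kind=$1                      # "file" or "symlink"
    scratch=$(mktemp -d) || return 1
    mkdir "$scratch/elsewhere"
    sock=$scratch/.font-unix
    case $kind in
        file)    : > "$sock" ;;
        symlink) ln -s "$scratch/elsewhere" "$sock" ;;
    esac
    ln -s "$scratch/elsewhere" "$sock.$$"
    set_up_socket_dir_safe "$sock" || { rm -rf "$scratch"; return 1; }
    mode=$(ls -ld "$sock" | cut -c1-10)
    leaked=$(ls -A "$scratch/elsewhere" | wc -l | tr -d ' ')
    rm -rf "$scratch"
    echo "$mode $leaked"
}

run_scenario file
run_scenario symlink
```

In both scenarios the socket path ends up as a real sticky, world-writable directory and nothing is moved into the directory the planted link points at.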


[Bug 299560] Re: Insecure xfs start/stop script

2009-01-09 Thread Bjoern Voigt
Here is the output of `lspci -vvnn`. But I don't think that this is a
hardware related bug.

** Attachment added: Output of `lspci -vvnn`
   http://launchpadlibrarian.net/21049638/lspci-vvnn.log



[Bug 299560] Re: Insecure xfs start/stop script

2009-01-08 Thread Bryce Harrington
[This is an automated message]

Hi bjoern,


Please attach the output of `lspci -vvnn` too.


** Changed in: xfs (Ubuntu)
   Status: New => Incomplete



[Bug 299560] Re: Insecure xfs start/stop script

2009-01-05 Thread Ansgar Burchardt
** Bug watch added: Novell/SUSE Bugzilla #408006
   https://bugzilla.novell.com/show_bug.cgi?id=408006

** Also affects: opensuse via
   https://bugzilla.novell.com/show_bug.cgi?id=408006
   Importance: Unknown
   Status: Unknown



[Bug 299560] Re: Insecure xfs start/stop script

2009-01-05 Thread Bug Watch Updater
** Changed in: opensuse
   Status: Unknown => Fix Released



[Bug 299560] Re: Insecure xfs start/stop script

2008-11-26 Thread Jamie Strandboge
** Visibility changed to: Public
