[Bug 727837] Re: dhcp3-server fails to drop privileges properly
dhcp3 was superceded by isc-dhcp between lucid and precise and therefore is not available under any supported ubuntu release. Marking the task dhcp3 as "Won't Fix". ** Changed in: dhcp3 (Ubuntu) Status: Confirmed => Won't Fix -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to dhcp3 in Ubuntu. https://bugs.launchpad.net/bugs/727837 Title: dhcp3-server fails to drop privileges properly To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/dhcp3/+bug/727837/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 727837] Re: dhcp3-server fails to drop privileges properly
lucid has seen the end of its life and is no longer receiving any updates. Marking the lucid task for this ticket as "Won't Fix". ** Changed in: dhcp3 (Ubuntu Lucid) Status: Confirmed => Won't Fix -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to dhcp3 in Ubuntu. https://bugs.launchpad.net/bugs/727837 Title: dhcp3-server fails to drop privileges properly To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/dhcp3/+bug/727837/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 727837] Re: dhcp3-server fails to drop privileges properly
** Branch linked: lp:~smoser/ubuntu/precise/isc-dhcp/precise- updates.dist -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to dhcp3 in Ubuntu. https://bugs.launchpad.net/bugs/727837 Title: dhcp3-server fails to drop privileges properly To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/dhcp3/+bug/727837/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 727837] Re: dhcp3-server fails to drop privileges properly
** Branch linked: lp:~smoser/ubuntu/raring/isc-dhcp/nouid -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to dhcp3 in Ubuntu. https://bugs.launchpad.net/bugs/727837 Title: dhcp3-server fails to drop privileges properly To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/dhcp3/+bug/727837/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 727837] Re: dhcp3-server fails to drop privileges properly
This bug was fixed in the package isc-dhcp - 4.1.ESV-R4-0ubuntu5.6 --- isc-dhcp (4.1.ESV-R4-0ubuntu5.6) precise-proposed; urgency=low [ Scott Moser ] * debian/apparmor-profile.dhcpd: use include directory to enable other packages to re-use isc-dhcp-server. (LP: #1049177) [ Stéphane Graber ] * Update onetry_retry_after_initial_success to disable the onetry variable early enough to actually prevent dhclient from exiting. (LP: #974284) * Update droppriv patch to also call initgroups() (LP: #727837) -- Stephane GraberTue, 18 Sep 2012 10:34:10 -0400 ** Changed in: isc-dhcp (Ubuntu Precise) Status: Fix Committed => Fix Released -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to dhcp3 in Ubuntu. https://bugs.launchpad.net/bugs/727837 Title: dhcp3-server fails to drop privileges properly To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/dhcp3/+bug/727837/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 727837] Re: dhcp3-server fails to drop privileges properly
I remember testing this and nobody reported any regression, good to go. ** Tags removed: verification-needed ** Tags added: verification-done -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to dhcp3 in Ubuntu. https://bugs.launchpad.net/bugs/727837 Title: dhcp3-server fails to drop privileges properly To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/dhcp3/+bug/727837/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 727837] Re: dhcp3-server fails to drop privileges properly
Hello Juha, or anyone else affected, Accepted isc-dhcp into precise-proposed. The package will build now and be available at http://launchpad.net/ubuntu/+source/isc- dhcp/4.1.ESV-R4-0ubuntu5.6 in a few hours, and then in the -proposed repository. Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users. If this package fixes the bug for you, please change the bug tag from verification-needed to verification-done. If it does not, change the tag to verification-failed. In either case, details of your testing will help us make a better decision. Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance! ** Changed in: isc-dhcp (Ubuntu Precise) Status: In Progress => Fix Committed ** Tags added: verification-needed -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to dhcp3 in Ubuntu. https://bugs.launchpad.net/bugs/727837 Title: dhcp3-server fails to drop privileges properly To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/dhcp3/+bug/727837/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 727837] Re: dhcp3-server fails to drop privileges properly
** Changed in: isc-dhcp (Ubuntu Precise) Importance: Undecided => Medium -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to dhcp3 in Ubuntu. https://bugs.launchpad.net/bugs/727837 Title: dhcp3-server fails to drop privileges properly To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/dhcp3/+bug/727837/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 727837] Re: dhcp3-server fails to drop privileges properly
Fix committed to my local branch, should get uploaded later this week. ** Changed in: isc-dhcp (Ubuntu Precise) Status: New => In Progress ** Changed in: isc-dhcp (Ubuntu Precise) Assignee: (unassigned) => Stéphane Graber (stgraber) -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to dhcp3 in Ubuntu. https://bugs.launchpad.net/bugs/727837 Title: dhcp3-server fails to drop privileges properly To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/dhcp3/+bug/727837/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 727837] Re: dhcp3-server fails to drop privileges properly
** Branch linked: lp:ubuntu/isc-dhcp -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to dhcp3 in Ubuntu. https://bugs.launchpad.net/bugs/727837 Title: dhcp3-server fails to drop privileges properly To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/dhcp3/+bug/727837/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 727837] Re: dhcp3-server fails to drop privileges properly
This bug was fixed in the package isc-dhcp - 4.2.4-1ubuntu1 --- isc-dhcp (4.2.4-1ubuntu1) quantal; urgency=low * Merge from Debian. Remaining changes: (LP: #768171, LP: #841182, LP: #881558, LP: #872929, LP: #616809) - Use upstart jobs for isc-dhcp-server and isc-dhcp-relay. - Add IPv6 support to udeb dhclient-script (forwarded as Debian #635897). - Add an apport hook to isc-dhcp-client and isc-dhcp-server. - Add an apparmor profile to isc-dhcp-client and isc-dhcp-server. - Update default dhclient.conf to ask for IPv6 configuration. - Patches: + dhclient-fix-backoff + dhclient-more-debug + dhclient-onetry-call-clientscript + dhclient-safer-timeout + dhcpd.conf-subnet-examples + multi-ip-addr-per-if + onetry_retry_after_initial_success + revert-next-server * Set fqdn.fqdn to the result of gethostname(); (LP: #991360) * Replace old droppriv and deroot patches by use of --enable-paranoia and matching -user and -group parameters to dhcpd. (LP: #727837) * Allow read access to /etc/dhcp/ddns-keys/* for ddns. (LP: #341817) It's expected that people generate one key per zone and have it stored in both /etc/bind9 and /etc/dhcp/ddns-keys/ for security reason. * Fix apport hook to work with python3. isc-dhcp (4.2.4-1) unstable; urgency=low * New upstream release * debian/control: reformatted Uploaders so that dch doesn't think I'm making NMUs * debian/rules: do a clean between the LDAP-enabled build and the non-LDAP-enabled one, so that no LDAP-related artefacts are accidently incorporated into the non-LDAP build * debian/dhclient-script.*: conditionalise the chown/chmod of the new resolv.conf on the existence of the old one (closes: #595400) * debian/dhclient-script.linux: comply with RFC 3442 and ignore the routers option if the rfc3442-classless-static-routes option is present (closes: #592735) * debian/dhclient-script.kfreebsd: fix subnet mask handling (closes: #677985) isc-dhcp (4.2.2.dfsg.1-5) unstable; urgency=medium [ Andrew Pollock ] * debian/dhclient.conf: send the hostname (closes: #151820) [ Michael Gilbert ] * Fix cve-2011-4868: error in DDNS handling with IPv6 (closes: #655746) * Fix cve-2011-4539: error in regular expression handling (closes: #652259) * Make dependencies diff-able * Add myself to uploaders * Remove all automatically generated files in clean rule * Medium urgency for security updates isc-dhcp (4.2.2.dfsg.1-4) unstable; urgency=low * The "Zoe woke up at 4am and I couldn't get back to sleep so I had some extra time to work on this" release * patch the Makefile for the embedded BIND libraries so that autoconf is run so that the modification to configure.in to fix the FTBFS on kFreeBSD actually does something useful (closes: #643569) isc-dhcp (4.2.2.dfsg.1-3) unstable; urgency=low * debian/control: remove transitional packages * debian/rules: apply the intent of Pierre Chifflier's patch to enable hardening options (closes: #644413) * debian/control: also add inetutils-ping to the dependencies for isc-dhcp-client on hurd (closes: #648140) * Convert to 3.0 (quilt) source format: - debian/control: remove build-dep on dpatch - debian/rules: stop including dpatch.make - debian/rules: remove dpatch-related target dependencies - convert patches from dpatch to pure quilt - remove debian/README.source * debian/rules: cleaned up the target names a bit to reflect the lack of patching going on now * repack bind.tar.gz in upstream source tarball to patch configure.in for FTBFS on kFreeBSD and remove RFCs (closes: #643569, #645760) * debian/watch: add dversionmangle to deal with dfsg upstream tarball * Updated Dutch debconf template translation (closes: #651396) * Added Polish debconf template translation (closes: #659372) * Updated Brazilian Portugeuse debconf template translation (closes: #663494) * debian/control: bumped Standards-Version (no changes) isc-dhcp (4.2.2-2) unstable; urgency=low * debian/rules: use dpkg-buildflags to set CFLAGS, and export CFLAGS (closes: #643470) * debian/dhclient.conf: revert hostname setting behaviour to something equivalent to what upstream ships to avoid surprising people with unwanted hostname changes when changing networks (closes: #648676) * debian/dhclient-script.kfreebsd: apply patch from Robert Millan to resync dhclient-script with FreeBSD version (closes: #645502) * debian/control: add inetutils-ping to the dependencies for isc-dhcp-client on kfreebsd (closes: #648140) * Updated German debconf template translation (closes: #641843) * added harding-wrapper to build dependencies and invoke it in debian/rules (closes: #611192) isc-dhcp (4.2.2-1) unstable; urgency=low * New upstream release, includes security fixes for CVE-2011-2748 and CVE-2011-2749 (closes: #638404)
[Bug 727837] Re: dhcp3-server fails to drop privileges properly
** Tags added: patch -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to dhcp3 in Ubuntu. https://bugs.launchpad.net/bugs/727837 Title: dhcp3-server fails to drop privileges properly To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/dhcp3/+bug/727837/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 727837] Re: dhcp3-server fails to drop privileges properly
Thanks Stéphane, This isn't a security flaw per se requiring a CVE. If you have something to SRU in previous releases, you can include this, else we'll bundle it next time we do have a security issue to fix. -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to dhcp3 in Ubuntu. https://bugs.launchpad.net/bugs/727837 Title: dhcp3-server fails to drop privileges properly To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/dhcp3/+bug/727837/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 727837] Re: dhcp3-server fails to drop privileges properly
For previous releases, I think the attached patch should do the trick. security-team: any problem with that patch? do you want to have this issued as a security fix for previous releases? ** Patch added: "Call initgroups() when dropping capabilities" https://bugs.launchpad.net/ubuntu/+source/isc-dhcp/+bug/727837/+attachment/3206891/+files/fix-bug727837.diff -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to dhcp3 in Ubuntu. https://bugs.launchpad.net/bugs/727837 Title: dhcp3-server fails to drop privileges properly To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/dhcp3/+bug/727837/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 727837] Re: dhcp3-server fails to drop privileges properly
For quantal I'll simply start using --enable-paranoia, introduced upstream with 4.1 that adds support for -user and -group to dhcpd. I confirmed with the testcase above that groups is properly set using that option. ** Changed in: isc-dhcp (Ubuntu Quantal) Status: In Progress => Fix Committed -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to dhcp3 in Ubuntu. https://bugs.launchpad.net/bugs/727837 Title: dhcp3-server fails to drop privileges properly To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/dhcp3/+bug/727837/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 727837] Re: dhcp3-server fails to drop privileges properly
** Changed in: isc-dhcp (Ubuntu Quantal) Status: Confirmed => In Progress ** Changed in: isc-dhcp (Ubuntu Quantal) Assignee: (unassigned) => Stéphane Graber (stgraber) -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to dhcp3 in Ubuntu. https://bugs.launchpad.net/bugs/727837 Title: dhcp3-server fails to drop privileges properly To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/dhcp3/+bug/727837/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 727837] Re: dhcp3-server fails to drop privileges properly
** No longer affects: dhcp3 (Ubuntu Dapper) ** No longer affects: dhcp3 (Ubuntu Natty) ** No longer affects: dhcp3 (Ubuntu Karmic) ** No longer affects: isc-dhcp (Ubuntu Maverick) ** No longer affects: isc-dhcp (Ubuntu Lucid) ** No longer affects: isc-dhcp (Ubuntu Karmic) ** No longer affects: dhcp3 (Ubuntu Maverick) ** No longer affects: isc-dhcp (Ubuntu Dapper) ** No longer affects: isc-dhcp (Ubuntu Hardy) ** Also affects: dhcp3 (Ubuntu Oneiric) Importance: Undecided Status: New ** Also affects: isc-dhcp (Ubuntu Oneiric) Importance: Undecided Status: New ** Also affects: dhcp3 (Ubuntu Precise) Importance: Undecided Status: New ** Also affects: isc-dhcp (Ubuntu Precise) Importance: Undecided Status: New ** Also affects: dhcp3 (Ubuntu Quantal) Importance: Undecided Status: Confirmed ** Also affects: isc-dhcp (Ubuntu Quantal) Importance: Undecided Status: Confirmed ** No longer affects: dhcp3 (Ubuntu Quantal) ** No longer affects: dhcp3 (Ubuntu Precise) ** No longer affects: dhcp3 (Ubuntu Oneiric) -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to dhcp3 in Ubuntu. https://bugs.launchpad.net/bugs/727837 Title: dhcp3-server fails to drop privileges properly To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/dhcp3/+bug/727837/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 727837] Re: dhcp3-server fails to drop privileges properly
** Visibility changed to: Public -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to dhcp3 in Ubuntu. https://bugs.launchpad.net/bugs/727837 Title: dhcp3-server fails to drop privileges properly -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs