Bug#417894: marked as done (xfsdump: xfs_fsr makes world writeable temporary directories)

Debian Bug Tracking System Mon, 28 May 2007 00:08:00 -0700

Your message dated Mon, 28 May 2007 07:02:05 +0000
with message-id <[EMAIL PROTECTED]>
and subject line Bug#417894: fixed in xfsdump 2.2.45-1
has caused the attached Bug report to be marked as done.


This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere.  Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)

--- Begin Message ---

Package: xfsdump
Version: 2.2.38-1
Severity: grave
Tags: security

Whilst xfs_fsr is running, it creates a directory of known name, .fsr, 
in the root of the filesystem it's working on. This directory and the 
subdirectories it creates are world writeable.

$ ls -la /store/.fsr
total 8
drwxrwxrwx 18 root root 4096 2007-04-05 11:17 .
drwxr-xr-x 25 pm   pm   4096 2007-04-05 11:17 ..
drwxrwxrwx  2 root root    6 2007-04-05 11:21 ag0
drwxrwxrwx  2 root root    6 2007-04-05 11:21 ag1
drwxrwxrwx  2 root root    6 2007-04-05 11:19 ag10
drwxrwxrwx  2 root root    6 2007-04-05 11:19 ag11
drwxrwxrwx  2 root root    6 2007-04-05 11:19 ag12
drwxrwxrwx  2 root root    6 2007-04-05 11:20 ag13
drwxrwxrwx  2 root root    6 2007-04-05 11:20 ag14
drwxrwxrwx  2 root root    6 2007-04-05 11:21 ag15
drwxrwxrwx  2 root root    6 2007-04-05 11:21 ag2
drwxrwxrwx  2 root root    6 2007-04-05 11:22 ag3
drwxrwxrwx  2 root root    6 2007-04-05 11:22 ag4
drwxrwxrwx  2 root root    6 2007-04-05 11:22 ag5
drwxrwxrwx  2 root root    6 2007-04-05 11:22 ag6
drwxrwxrwx  2 root root    6 2007-04-05 11:22 ag7
drwxrwxrwx  2 root root    6 2007-04-05 11:22 ag8
drwxrwxrwx  2 root root    6 2007-04-05 11:23 ag9


Looking at fsr/xfs_fsr.c, I find...


static void
tmp_init(char *mnt)
{
        int     i;
        static char     buf[SMBUFSZ];
        mode_t  mask;

        tmp_agi = 0;
        sprintf(buf, "%s/.fsr", mnt);

        mask = umask(0);
        if (mkdir(buf, 0777) < 0) {
                if (errno == EEXIST) {



-- System Information:
Debian Release: lenny/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (500, 'testing'), (500, 'stable'), (99, 
'experimental')
Architecture: i386 (i686)
Shell:  /bin/sh linked to /bin/bash
Kernel: Linux 2.6.18-4-686
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8)

Versions of packages xfsdump depends on:
ii  libattr1 1:2.4.32-1.1                    Extended attribute shared library
ii  libc6    2.3.6.ds1-13                    GNU C Library: Shared libraries
ii  libdm0   2.2.4-1                         Data Management API runtime enviro
ii  libncurs 5.5-5                           Shared libraries for terminal hand
ii  libuuid1 1.39+1.40-WIP-2006.11.14+dfsg-2 universally unique id library
ii  xfsprogs 2.8.18-1                        Utilities for managing the XFS fil

xfsdump recommends no packages.

-- no debconf information

--- End Message ---

--- Begin Message ---

Source: xfsdump
Source-Version: 2.2.45-1

We believe that the bug you reported is fixed in the latest version of
xfsdump, which is due to be installed in the Debian FTP archive:

xfsdump_2.2.45-1.dsc
  to pool/main/x/xfsdump/xfsdump_2.2.45-1.dsc
xfsdump_2.2.45-1.tar.gz
  to pool/main/x/xfsdump/xfsdump_2.2.45-1.tar.gz
xfsdump_2.2.45-1_i386.deb
  to pool/main/x/xfsdump/xfsdump_2.2.45-1_i386.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Nathan Scott <[EMAIL PROTECTED]> (supplier of updated xfsdump package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Mon, 28 May 2007 16:09:14 +1000
Source: xfsdump
Binary: xfsdump
Architecture: source i386
Version: 2.2.45-1
Distribution: unstable
Urgency: low
Maintainer: Nathan Scott <[EMAIL PROTECTED]>
Changed-By: Nathan Scott <[EMAIL PROTECTED]>
Description: 
 xfsdump    - Administrative utilities for the XFS filesystem
Closes: 417894
Changes: 
 xfsdump (2.2.45-1) unstable; urgency=low
 .
   * New upstream release (closes: #417894).
Files: 
 9f90b4ffb1427acdb35747514a676a2d 597 admin optional xfsdump_2.2.45-1.dsc
 f1b0db5d998e7ad949b6af65fa09d952 557005 admin optional xfsdump_2.2.45-1.tar.gz
 4bc8e744223e29d225fa0ef3778e904a 303224 admin optional 
xfsdump_2.2.45-1_i386.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFGWnNSm8fl3HSIa2MRAuL4AJ9IEwuvQLqaCvo9SsAHWN6eCIkoGACgmbAj
pTYWkuhzBOwgcsn4wr0YVBo=
=AnJP
-----END PGP SIGNATURE-----

--- End Message ---

Bug#417894: marked as done (xfsdump: xfs_fsr makes world writeable temporary directories)

Reply via email to