Your message dated Tue, 20 May 2008 23:02:03 +0000
with message-id <[EMAIL PROTECTED]>
and subject line Bug#482085: fixed in freeradius 2.0.4+dfsg-2
has caused the Debian Bug report #482085,
regarding freeradius leaves /var/log/freeradius world readable with world 
readable files in it
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [EMAIL PROTECTED]
immediately.)


-- 
482085: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=482085
Debian Bug Tracking System
Contact [EMAIL PROTECTED] with problems
--- Begin Message ---
Package: freeradius
Version: 1.1.7-1
Severity: grave
Tags: security
Justification: user security hole

By default freeradius leaves /var/log/freeradius with permissions 755.
Enabling sqltrace will result in a world-readable sqltrace in this,
possibly containing cleartext passwords.

Been there, done that, lost two passwords.

Is there a reason for having /var/log/freeradius world-readable?

Suggestion:
Change /var/log/freeradius permissions to 750.

-- System Information:
Debian Release: 4.0
  APT prefers stable
  APT policy: (990, 'stable'), (500, 'unstable'), (500, 'testing')
Architecture: amd64 (x86_64)
Shell:  /bin/sh linked to /bin/bash
Kernel: Linux 2.6.18-6-amd64
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)

Versions of packages freeradius depends on:
ii  adduser                3.102             Add and remove users and groups
ii  libc6                  2.3.6.ds1-13etch5 GNU C Library: Shared libraries
ii  libgdbm3               1.8.3-3           GNU dbm database routines (runtime
ii  libltdl3               1.5.22-4          A system independent dlopen wrappe
ii  libpam0g               0.79-5            Pluggable Authentication Modules l
ii  libperl5.8             5.8.8-7etch3      Shared Perl library
ii  libsnmp9               5.2.3-7etch2      NET SNMP (Simple Network Managemen
ii  lsb-base               3.1-23.2etch1     Linux Standard Base 3.1 init scrip

freeradius recommends no packages.

-- no debconf information



--- End Message ---
--- Begin Message ---
Source: freeradius
Source-Version: 2.0.4+dfsg-2

We believe that the bug you reported is fixed in the latest version of
freeradius, which is due to be installed in the Debian FTP archive:

freeradius-common_2.0.4+dfsg-2_all.deb
  to pool/main/f/freeradius/freeradius-common_2.0.4+dfsg-2_all.deb
freeradius-dbg_2.0.4+dfsg-2_i386.deb
  to pool/main/f/freeradius/freeradius-dbg_2.0.4+dfsg-2_i386.deb
freeradius-dialupadmin_2.0.4+dfsg-2_all.deb
  to pool/main/f/freeradius/freeradius-dialupadmin_2.0.4+dfsg-2_all.deb
freeradius-iodbc_2.0.4+dfsg-2_i386.deb
  to pool/main/f/freeradius/freeradius-iodbc_2.0.4+dfsg-2_i386.deb
freeradius-krb5_2.0.4+dfsg-2_i386.deb
  to pool/main/f/freeradius/freeradius-krb5_2.0.4+dfsg-2_i386.deb
freeradius-ldap_2.0.4+dfsg-2_i386.deb
  to pool/main/f/freeradius/freeradius-ldap_2.0.4+dfsg-2_i386.deb
freeradius-mysql_2.0.4+dfsg-2_i386.deb
  to pool/main/f/freeradius/freeradius-mysql_2.0.4+dfsg-2_i386.deb
freeradius-postgresql_2.0.4+dfsg-2_i386.deb
  to pool/main/f/freeradius/freeradius-postgresql_2.0.4+dfsg-2_i386.deb
freeradius-utils_2.0.4+dfsg-2_i386.deb
  to pool/main/f/freeradius/freeradius-utils_2.0.4+dfsg-2_i386.deb
freeradius_2.0.4+dfsg-2.diff.gz
  to pool/main/f/freeradius/freeradius_2.0.4+dfsg-2.diff.gz
freeradius_2.0.4+dfsg-2.dsc
  to pool/main/f/freeradius/freeradius_2.0.4+dfsg-2.dsc
freeradius_2.0.4+dfsg-2_i386.deb
  to pool/main/f/freeradius/freeradius_2.0.4+dfsg-2_i386.deb
libfreeradius-dev_2.0.4+dfsg-2_i386.deb
  to pool/main/f/freeradius/libfreeradius-dev_2.0.4+dfsg-2_i386.deb
libfreeradius2_2.0.4+dfsg-2_i386.deb
  to pool/main/f/freeradius/libfreeradius2_2.0.4+dfsg-2_i386.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Stephen Gran <[EMAIL PROTECTED]> (supplier of updated freeradius package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Tue, 20 May 2008 19:38:27 +0100
Source: freeradius
Binary: freeradius freeradius-common freeradius-utils freeradius-krb5 freeradius-ldap freeradius-mysql freeradius-iodbc freeradius-postgresql libfreeradius2 libfreeradius-dev freeradius-dialupadmin freeradius-dbg
Architecture: source i386 all
Version: 2.0.4+dfsg-2
Distribution: unstable
Urgency: low
Maintainer: Stephen Gran <[EMAIL PROTECTED]>
Changed-By: Stephen Gran <[EMAIL PROTECTED]>
Description: 
 freeradius - a high-performance and highly configurable RADIUS server
 freeradius-common - FreeRadius common files
 freeradius-dbg - a high-performance and highly configurable RADIUS server; debug s
 freeradius-dialupadmin - set of PHP scripts for administering a FreeRADIUS server
 freeradius-iodbc - iODBC module for FreeRADIUS server
 freeradius-krb5 - kerberos module for FreeRADIUS server
 freeradius-ldap - LDAP module for FreeRADIUS server
 freeradius-mysql - MySQL module for FreeRADIUS server
 freeradius-postgresql - PostgreSQL module for FreeRADIUS server
 freeradius-utils - FreeRadius client utilities
 libfreeradius-dev - FreeRADIUS shared library development files
 libfreeradius2 - FreeRADIUS shared library
Closes: 482085
Changes: 
 freeradius (2.0.4+dfsg-2) unstable; urgency=low
 .
   * Install /var/log/freeradius 0750 so that people writing their passwords to
     logfiles don't accidentally leak them without noticing (closes: #482085)

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFIM1QDSYIMHOpZA44RAga6AJ9uIAPcPXipXeEDLn87JTdtCQ7q4wCgvsY5
QPVvOiHJbeMfTZUcpmShFSc=
=NU3A
-----END PGP SIGNATURE-----



--- End Message ---
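
An added example, not part of the bug report or the freeradius package: a small audit that classifies a log directory by the permission bits discussed above (0755 as reported, 0750 as installed by the fix). It runs against a constructed temporary tree; the file name `sqltrace.sql` and the state names are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example. The tree is constructed in a temp dir; /var/log is not touched.

# True if users outside owner/group can enter the directory (o+x).
dir_traversable_by_others() {
    [ -n "$(find "$1" -prune -perm -0001 -print)" ]
}

# True if the directory grants "other" read (list) or search (enter).
dir_has_other_bits() {
    [ -n "$(find "$1" -prune \( -perm -0004 -o -perm -0001 \) -print)" ]
}

# Regular files below the directory that carry the other-read bit.
world_readable_files() {
    find "$1" -type f -perm -0004 -print
}

# EXPOSED : others can enter the directory and read files in it (the report)
# LATENT  : files are still o+r, but the directory keeps others out (0750)
# OPEN_DIR: directory is open to others, no o+r file in it yet
# OK      : neither the directory nor its files grant anything to others
audit_logdir() {
    files=$(world_readable_files "$1")
    if [ -n "$files" ] && dir_traversable_by_others "$1"; then
        echo "EXPOSED"
    elif [ -n "$files" ]; then
        echo "LATENT"
    elif dir_has_other_bits "$1"; then
        echo "OPEN_DIR"
    else
        echo "OK"
    fi
}

# Constructed sample: a 0755 log directory holding a 0644 trace file,
# audited before and after the directory is changed to 0750.
demo() {
    d=$(mktemp -d) || return 1
    mkdir -m 0755 "$d/freeradius"
    ( umask 022; echo "constructed sample line" > "$d/freeradius/sqltrace.sql" )
    before=$(audit_logdir "$d/freeradius")
    chmod 0750 "$d/freeradius"
    after=$(audit_logdir "$d/freeradius")
    rm -rf "$d"
    echo "$before -> $after"
}
demo
```

The LATENT result shows that a 0750 directory blocks access even though the file inside is still mode 0644; tightening the file modes or the daemon's umask removes the dependency on the directory alone.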
