Your message dated Wed, 10 Mar 2010 19:03:00 +0000
with message-id <e1nprbm-0000qt...@ries.debian.org>
and subject line Bug#572144: fixed in lshell 0.9.10-1
has caused the Debian Bug report #572144,
regarding lshell: The default configuration allows run every system command
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
572144: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=572144
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: lshell
Version: 0.9.8-1
Severity: grave
Tags: security
Justification: user security hole
For example, I can run "echo $(/bin/sh)" or "echo $(/bin/su)", or any other
command.
Best Regards,
Piotr
PS: Sorry for my English.
-- System Information:
Debian Release: 5.0.4
APT prefers stable
APT policy: (990, 'stable'), (800, 'testing'), (100, 'unstable')
Architecture: i386 (i686)
Kernel: Linux 2.6.26-1-686 (SMP w/1 CPU core)
Locale: LANG=pl_PL.UTF-8, LC_CTYPE=pl_PL.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash
Versions of packages lshell depends on:
ii adduser 3.110 add and remove users and groups
ii python 2.5.4-9 An interactive high-level object-o
ii python-support 1.0.6 automated rebuilding support for P
lshell recommends no packages.
lshell suggests no packages.
-- no debconf information
--- End Message ---
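The report above shows command substitution getting past an allowed-command restriction. The following is an added example, not part of the report and not lshell's code: it assumes a filter that compares only the first word with an allowed list, and sets it beside a stricter check that refuses shell metacharacters and returns an argv list. The names `ALLOWED`, `naive_allows`, `strict_argv` and `audit` are hypothetical.

```python
import re
import shlex

# Hypothetical allowed list; the names are assumptions for this example.
ALLOWED = {"ls", "echo", "cd"}

# Syntax that makes a shell run more than the first word: command
# substitution, backticks, variable expansion, chaining, pipes, redirection.
SHELL_META = re.compile(r"[$`;&|<>\n]")


def naive_allows(line):
    """Weak filter: compare only the first word with the allowed list."""
    words = line.split()
    return bool(words) and words[0] in ALLOWED


def strict_argv(line):
    """Return an argv list that can be executed without a shell, or None.

    Deliberately conservative: metacharacters are refused even inside
    quotes, so nothing is left for a shell to expand.
    """
    if SHELL_META.search(line):
        return None
    try:
        argv = shlex.split(line)
    except ValueError:  # unbalanced quotes
        return None
    if not argv or argv[0] not in ALLOWED:
        return None
    return argv


def audit(lines):
    """Pair each input line with the verdict of both filters."""
    return [(l, naive_allows(l), strict_argv(l) is not None) for l in lines]


if __name__ == "__main__":
    # The two lines from the report plus constructed benign samples.
    samples = ["echo $(/bin/sh)", "echo $(/bin/su)",
               "echo hello", "ls -l /tmp", "vim notes.txt"]
    for line, naive, strict in audit(samples):
        print(f"{line!r:22} naive={naive!s:5} strict={strict}")
```

The argv list returned by `strict_argv` is meant to be executed directly (for instance with `subprocess.run(argv)`, which does not invoke a shell by default), so no second parser ever sees the input.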
--- Begin Message ---
Source: lshell
Source-Version: 0.9.10-1
We believe that the bug you reported is fixed in the latest version of
lshell, which is due to be installed in the Debian FTP archive:
lshell_0.9.10-1.debian.tar.gz
to main/l/lshell/lshell_0.9.10-1.debian.tar.gz
lshell_0.9.10-1.dsc
to main/l/lshell/lshell_0.9.10-1.dsc
lshell_0.9.10-1_all.deb
to main/l/lshell/lshell_0.9.10-1_all.deb
lshell_0.9.10.orig.tar.gz
to main/l/lshell/lshell_0.9.10.orig.tar.gz
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 572...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Ignace Mouzannar <mouzan...@gmail.com> (supplier of updated lshell package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.8
Date: Sun, 07 Mar 2010 01:52:57 +0000
Source: lshell
Binary: lshell
Architecture: source all
Version: 0.9.10-1
Distribution: unstable
Urgency: low
Maintainer: Ignace Mouzannar <mouzan...@gmail.com>
Changed-By: Ignace Mouzannar <mouzan...@gmail.com>
Description:
lshell - restricts a user's shell environment to limited sets of commands
Closes: 572144
Changes:
lshell (0.9.10-1) unstable; urgency=low
.
* New upstream release:
- Corrects major security bugs. (Closes: #572144)
- Adds a logrotate file.
- Adds new features.
* debian/control:
- Bumped Standards-Version to 3.8.4.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
-----END PGP SIGNATURE-----
--- End Message ---