Bug#605868: marked as done (sbox-dtc cgi has incorrect Unix rights)

Sun, 26 Dec 2010 05:09:21 -0800 

Your message dated Sun, 26 Dec 2010 13:07:08 +0000
with message-id <20101226130708.347cc28e.codeh...@debian.org>
and subject line Re: Bug#605868: should have been closed already
has caused the Debian Bug report #605868,
regarding sbox-dtc cgi has incorrect Unix rights
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
605868: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=605868
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message --- 
Package: sbox-dtc
Version: 1.11.2-1
Severity: grave

The file /usr/lib/cgi-bin/sbox should have the SUID bit set, as this is
the way sbox works, and also, it should be owned by the root user to
allow chroot in the vhost directory.

The patch would be simple. Just adding this in the postinst:

chmod u=+rwS /usr/lib/cgi-bin/sbox
chown root.root /usr/lib/cgi-bin/sbox

Thomas Goirand (zigo)

-- System Information:
Debian Release: squeeze/sid
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.32-5-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

--- End Message ---
--- Begin Message --- 
tag 605868 - unreproducible
quit

Version 1.11.2-2

On Sun, 26 Dec 2010 20:37:13 +0800
Thomas Goirand <z...@debian.org> wrote:

> On 12/26/2010 08:11 PM, Neil Williams wrote:
> > tag 605868 + unreproducible
> > quit

This bug actually should have been closed with the 1.11.2-2 upload but
there's a typo in the changelog:

* Sets the SUID bit, chown sbox to root.root (Closse: #605868).

Closing now.

Overall, this package seems to be in quite a mess. (I've found the
thread on debian-release in the meantime). Maybe it should be removed
from testing instead? The postinst is still broken and affected by
#607878 which affects the version in testing.

-- 


Neil Williams
=============
http://www.linux.codehelp.co.uk/

Attachment: pgpjDUHHRX20c.pgp
Description: PGP signature


--- End Message ---

Reply via email to