Your message dated Sat, 09 Apr 2011 01:56:18 +0000
with message-id <e1q8npo-0001cn...@franck.debian.org>
and subject line Bug#620304: fixed in tmux 1.3-2+squeeze1
has caused the Debian Bug report #620304,
regarding tmux: Incorrect dropping of privileges allows users to obtain utmp 
group privileges
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
620304: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=620304
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: tmux
Version: 1.3-2
Severity: important


When running tmux with -S (specify custom socket path), the utmp
group privileges will not be dropped but inherited by any shells running
within tmux.

While /bin/bash gets kind of confused, strangely skips loading
/etc/profile, ~/.bashrc etc. and also drops the utmp privileges on its
own, using /bin/dash, for instance, allows one to illustrate the issue:

1. run "SHELL=/bin/sh tmux -S whatever"
2. run "id" inside tmux
3. observe egid=43(utmp)

The problem is apparently introduced by 03_proper_socket_handling.diff
and 04_dropping_unnecessary_privileges.diff. The incorrectly placed call
to setresgid() in is not reached when a custom socket path is used.

-- System Information:
Debian Release: 6.0.1
  APT prefers squeeze-updates
  APT policy: (500, 'squeeze-updates'), (500, 'stable')
Architecture: i386 (x86_64)

Kernel: Linux 2.6.32-5-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.utf8, LC_CTYPE=en_US.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages tmux depends on:
ii  libc6                    2.11.2-10       Embedded GNU C Library: Shared lib
ii  libevent-1.4-2           1.4.13-stable-1 An asynchronous event notification
ii  libncurses5              5.7+20100313-5  shared libraries for terminal hand

tmux recommends no packages.

tmux suggests no packages.

-- no debconf information



--- End Message ---
--- Begin Message ---
Source: tmux
Source-Version: 1.3-2+squeeze1

We believe that the bug you reported is fixed in the latest version of
tmux, which is due to be installed in the Debian FTP archive:

tmux_1.3-2+squeeze1.debian.tar.gz
  to main/t/tmux/tmux_1.3-2+squeeze1.debian.tar.gz
tmux_1.3-2+squeeze1.dsc
  to main/t/tmux/tmux_1.3-2+squeeze1.dsc
tmux_1.3-2+squeeze1_amd64.deb
  to main/t/tmux/tmux_1.3-2+squeeze1_amd64.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 620...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Karl Ferdinand Ebert <kfeb...@gmail.com> (supplier of updated tmux package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Mon, 04 Apr 2011 23:11:12 +0200
Source: tmux
Binary: tmux
Architecture: amd64 source
Version: 1.3-2+squeeze1
Distribution: stable-security
Urgency: high
Maintainer: Karl Ferdinand Ebert <kfeb...@gmail.com>
Changed-By: Karl Ferdinand Ebert <kfeb...@gmail.com>
Closes: 620304
Description: 
 tmux       - terminal multiplexer
Changes: 
 tmux (1.3-2+squeeze1) stable-security; urgency=high
 .
   * Fix "Incorrect dropping of privileges allows users to obtain utmp
     group privileges" by adjusting patch 04_drop_unnecessary_privileges.diff
     to drop privileges at the caller side (Closes: #620304).

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)

iD8DBQFNnASmogN2vsA8Vt8RArlyAKDXvO9ICiqYH/VFfJPKinMTZ9rsxwCgviLP
cNAo+EeznSgEmcMnxKM6eMU=
=vdX3
-----END PGP SIGNATURE-----



--- End Message ---