Your message dated Fri, 21 Oct 2005 01:19:57 +0200
with message-id <[EMAIL PROTECTED]>
and subject line Closing the bug
has caused the attached Bug report to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere. Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)

--------------------------------------
Received: (at submit) by bugs.debian.org; 20 Aug 2005 20:21:11 +0000
From: Aurelien Jarno <[EMAIL PROTECTED]>
To: Debian Bug Tracking System <[EMAIL PROTECTED]>
Subject: lm-sensors: Insecure tempfile usage in pwmconfig
Date: Sat, 20 Aug 2005 22:21:13 +0200
Message-Id: <[EMAIL PROTECTED]>

Package: lm-sensors
Version: 1:2.9.1-5
Severity: grave
Tags: security patch

lm-sensors's configuration script pwmconfig, which is used, generally as
root, to probe the fan controls and generate a new configuration file,
uses files under /tmp in an unsafe way which makes it possible to conduct
symlink attacks. The temporary filename used to create a temporary
configuration file is hardcoded to '/tmp/fancontrol'.

Thanks to Javier Fernández-Sanguino Peña <[EMAIL PROTECTED]>, who first
reported the bug to me.

--- pwmconfig.orig	2005-08-05 18:36:40.000000000 +0200
+++ pwmconfig	2005-08-05 18:37:47.000000000 +0200
@@ -465,9 +465,11 @@
 function SaveConfig {
 	echo
 	echo "Saving configuration to $FCCONFIG..."
-	egrep -v '(INTERVAL|FCTEMPS|FCFANS|MAXTEMP|MINTEMP|MINSTART|MINSTOP)' $FCCONFIG >/tmp/fancontrol
-	echo -e "INTERVAL=$INTERVAL\nFCTEMPS=$FCTEMPS\nFCFANS=$FCFANS\nMINTEMP=$MINTEMP\nMAXTEMP=$MAXTEMP\nMINSTART=$MINSTART\nMINSTOP=$MINSTOP" >>/tmp/fancontrol
-	mv /tmp/fancontrol $FCCONFIG
+	tmpfile=`tempfile` || { echo "$0: Cannot create temporary file" >&2; exit 1; }
+	trap " [ -f \"$tmpfile\" ] && /bin/rm -f -- \"$tmpfile\"" 0 1 2 3 13 15
+	egrep -v '(INTERVAL|FCTEMPS|FCFANS|MAXTEMP|MINTEMP|MINSTART|MINSTOP)' $FCCONFIG >$tmpfile
+	echo -e "INTERVAL=$INTERVAL\nFCTEMPS=$FCTEMPS\nFCFANS=$FCFANS\nMINTEMP=$MINTEMP\nMAXTEMP=$MAXTEMP\nMINSTART=$MINSTART\nMINSTOP=$MINSTOP" >>$tmpfile
+	mv $tmpfile $FCCONFIG
 	#check if file was written correctly
 	echo 'Configuration saved'
 }

-- System Information:
Debian Release: testing/unstable
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: i386 (i686)
Shell:  /bin/sh linked to /bin/bash
Kernel: Linux 2.6.12
Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8) (ignored: LC_ALL set to fr_FR.UTF-8)

Versions of packages lm-sensors depends on:
ii  debconf [debconf-2.0]         1.4.57      Debian configuration management sy
ii  libc6                         2.3.5-3     GNU C Library: Shared libraries an
ii  libsensors3                   1:2.9.1-5   library to read temperature/voltag
ii  makedev                       2.3.1-78    creates device files in /dev
ii  perl                          5.8.7-4     Larry Wall's Practical Extraction
ii  sed                           4.1.4-2     The GNU sed stream editor
ii  sysvinit                      2.86.ds1-1  System-V like init
ii  ucf                           2.001       Update Configuration File: preserv

Versions of packages lm-sensors recommends:
ii  kernel-image-2.6.12 [kernel   10.00.Custom Linux kernel binary image for vers
ii  lm-sensors-2.4.27-2-k7 [lm-   1:2.9.1-5   kernel drivers to read temperature

-- debconf information excluded

---------------------------------------
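Review bot: in the SaveConfig hunk, `mv $tmpfile $FCCONFIG` installs the file with the mode tempfile(1) gave it, which is 0600 by default, instead of the mode the existing $FCCONFIG had, so after the first save the config is readable only by root; either create it with `tempfile -m 644` or add `chmod 644 "$tmpfile"` before the mv (and quote `$tmpfile` there, as the `trap` line already does). Two smaller points on the same lines: tempfile(1) is a debianutils command, so upstream pwmconfig would need `mktemp` instead, and creating the temporary file in the same directory as $FCCONFIG rather than in /tmp keeps the final `mv` an atomic rename rather than a copy-and-unlink when /tmp is a separate filesystem. The `trap ... 0 1 2 3 13 15` also replaces any handler the script installed earlier, which is worth a comment if the rest of pwmconfig sets traps. The fix itself does what the report asks: with an unpredictable name on a freshly created file, a pre-planted /tmp/fancontrol symlink no longer reaches the write.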
Date: Fri, 21 Oct 2005 01:19:57 +0200
From: Aurelien Jarno <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Subject: Closing the bug
Message-ID: <[EMAIL PROTECTED]>

lm-sensors has been moved to etch. Closing the bug.

-- 
  .''`.  Aurelien Jarno             | GPG: 1024D/F1BCDB73
 : :' :  Debian developer           | Electrical Engineer
 `. `'   [EMAIL PROTECTED]          | [EMAIL PROTECTED]
   `-    people.debian.org/~aurel32 | www.aurel32.net
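The symlink attack the report above describes, reproduced without root in a scratch directory, next to the mktemp-based pattern the patch moves towards. This is an added example, not code from lm-sensors, from the patch or from the reporter: SHARED_TMP stands in for the real /tmp, the "victim" file stands in for any root-owned file the tool could be tricked into overwriting, the save functions write a single constructed INTERVAL line instead of the real configuration, and the audit helper at the end scans a constructed copy of the three pre-patch lines.

```shell
#!/bin/sh
# Added example, not code from lm-sensors or from the bug report: reproduces the
# symlink attack the report describes against a fixed path under /tmp, and shows
# the mktemp(1)-based pattern that closes it. Runs unprivileged inside a scratch
# directory; "victim" stands in for any file a root-run tool could be made to
# overwrite, and SHARED_TMP stands in for the real /tmp.

SHARED_TMP=/tmp   # world-writable directory the old code hardcoded (overridden in the demo)

# Vulnerable pattern, mirroring the pre-patch pwmconfig lines: the name is fixed
# and the directory is shared, so whoever creates "$SHARED_TMP/fancontrol" first
# (as a symlink) decides where root's write goes.
unsafe_save() {   # $1 = final config path
    echo "INTERVAL=10" >"$SHARED_TMP/fancontrol"   # follows a pre-planted symlink
    mv "$SHARED_TMP/fancontrol" "$1"               # and installs the symlink itself as the config
}

# Hardened pattern: mktemp creates a fresh file (O_EXCL, mode 0600) next to the
# target, so no symlink can be planted in advance, and the final rename is atomic
# and stays on one filesystem (a cross-filesystem mv degrades to copy plus unlink).
safe_save() {     # $1 = final config path
    dir=$(dirname -- "$1")
    tmp=$(mktemp "$dir/.fancontrol.XXXXXX") || return 1
    trap 'rm -f -- "$tmp"' EXIT HUP INT TERM       # no leftover file on abort
    echo "INTERVAL=10" >"$tmp" || return 1
    chmod 0644 -- "$tmp" || return 1               # mktemp's 0600 would hide the config from non-root readers
    mv -f -- "$tmp" "$1" || return 1
    trap - EXIT HUP INT TERM
}

# Attack simulation. Returns 0 when the victim was overwritten through the symlink
# (the save function is vulnerable), 1 when it survived intact.
clobbered_via_symlink() {   # $1 = save function to exercise
    sb=$(mktemp -d) || return 2
    mkdir "$sb/tmp" "$sb/etc"
    echo "original" >"$sb/victim"              # stands in for a root-owned file
    ln -s "$sb/victim" "$sb/tmp/fancontrol"    # attacker wins the race by planting the link first
    SHARED_TMP="$sb/tmp"
    "$1" "$sb/etc/fancontrol"                  # then "root" runs the configuration tool
    if [ "$(cat "$sb/victim")" != "original" ]; then
        rm -rf -- "$sb"; return 0
    fi
    rm -rf -- "$sb"; return 1
}

# Audit helper: flag script lines that redirect to, or move/copy, a fixed path
# under /tmp, the pattern the report flags. Reads a script on stdin.
fixed_tmp_paths() {
    grep -nE '(>>?|mv |cp |touch )[[:space:]]*/tmp/[^[:space:]$]+'
}

# Constructed copy of the pre-patch SaveConfig lines, for the audit helper.
old_save_lines() {
    cat <<'EOF'
    egrep -v '(INTERVAL|FCTEMPS|FCFANS|MAXTEMP|MINTEMP|MINSTART|MINSTOP)' $FCCONFIG >/tmp/fancontrol
    echo -e "INTERVAL=$INTERVAL" >>/tmp/fancontrol
    mv /tmp/fancontrol $FCCONFIG
    echo 'Configuration saved'
EOF
}

if clobbered_via_symlink unsafe_save; then echo "unsafe_save: victim overwritten through the symlink"; fi
if clobbered_via_symlink safe_save;   then echo "safe_save: victim overwritten"; else echo "safe_save: victim intact"; fi
old_save_lines | fixed_tmp_paths
```

Running it as a plain user prints that unsafe_save clobbered the victim (and left the config itself as an attacker-controlled symlink), that safe_save left it intact, and the three pre-patch lines the audit helper flags. The same `fixed_tmp_paths` scan is a quick check to run over any shell script that is executed as root.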