Your message dated Sat, 14 Mar 2015 15:39:56 +0000
with message-id <e1ywoao-0001hn...@franck.debian.org>
and subject line Bug#767611: Removed package(s) from unstable
has caused the Debian Bug report #368297,
regarding gnutls26: LDAP+SSL account cannot use setuid binaries until gnutls26
is rebuilt with nettle not libgcrypt11
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
368297: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=368297
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: gnutls26
Version: libgnutls26
Severity: important
Dear Maintainer,
If your account is an LDAP one and your LDAP client connects to its
LDAP server via SSL then running setuid programs from your account
fails since libgcrypt11 is horribly broken and upstream GnuTLS
no longer recommends using it as the backend crypto library:
http://lists.debian.org/debian-legal/2011/02/msg00006.html
In the past it was possible to work around this by using nscd
but that workaround no longer has any effect.
When I rebuild gnutls26 with nettle I am able to use setuid binaries
from my LDAP account which connects via SSL to its LDAP server.
Reproducing:
1. Install an OpenLDAP server that speaks LDAP over SSL.
2. Install Debian Testing or Unstable and configure it to be an LDAP
client that connects to its LDAP server via SSL.
3. Log into the Debian system created in step using an LDAP account
not an account in /etc/passwd.
4. Attempt to use sudo. You will see unexpected results:
    $ sudo id
    [sudo] password for user:
    sudo: setresuid(ROOT_UID, ROOT_UID, ROOT_UID): Operation not permitted
    sudo: unable to open /var/lib/sudo/user/1: Operation not permitted
    sudo: unable to set gid to runas gid 0: Operation not permitted
    sudo: unable to execute /usr/bin/id: Operation not permitted
    $
5. Attempt to use sudo. You will see expected results:
    $ sudo id
    [sudo] password for user:
    uid=0(root) gid=0(root) groups=0(root)
See also:
https://bugs.launchpad.net/bugs/926350
-- System Information:
Debian Release: wheezy/sid
APT prefers unstable
APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)
Kernel: Linux 3.2.0-1-amd64 (SMP w/3 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
--- End Message ---
--- Begin Message ---
Version: 1.5.4-3+rm
Dear submitter,
as the package libgcrypt11 has just been removed from the Debian archive
unstable we hereby close the associated bug reports. We are sorry
that we couldn't deal with your issue properly.
For details on the removal, please see https://bugs.debian.org/767611
The version of this package that was in Debian prior to this removal
can still be found using http://snapshot.debian.org/.
This message was generated automatically; if you believe that there is
a problem with it please contact the archive administrators by mailing
ftpmas...@ftp-master.debian.org.
Debian distribution maintenance software
pp.
Scott Kitterman (the ftpmaster behind the curtain)
--- End Message ---