Your message dated Thu, 09 Apr 2020 16:47:36 +0000
with message-id <e1jmal2-0007mk...@fasolo.debian.org>
and subject line Bug#948283: fixed in tinyproxy 1.8.4-3~deb9u2
has caused the Debian Bug report #948283,
regarding tinyproxy: If no PidFile is configured logrotate will change the owner of the root directory
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
948283: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=948283
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: tinyproxy
Version: 1.10.0-2
Severity: critical
Justification: breaks unrelated software
Dear Maintainer,
* What led up to the situation?
I configured tinyproxy without a PidFile.
* What exactly did you do (or not do) that was effective (or ineffective)?
I removed the PidFile configuration option from tinyproxy.conf
* What was the outcome of this action?
The next run of logrotate changed the owner and group of my root directory (`/`) to tinyproxy:tinyproxy.
* What outcome did you expect instead?
I expected that not to happen.
Example demonstrating the issue in a fresh VM:
root@debian-2gb-fsn1-1:~# stat /
File: /
Size: 4096 Blocks: 8 IO Block: 4096 directory
Device: 801h/2049d Inode: 2 Links: 18
Access: (0755/drwxr-xr-x) Uid: ( 0/ root) Gid: ( 0/ root)
Access: 2019-12-08 05:11:02.514309382 +0100
Modify: 2020-01-06 01:51:41.524000000 +0100
Change: 2020-01-06 01:51:41.524000000 +0100
Birth: -
root@debian-2gb-fsn1-1:~# apt-get install -yyyyqqqq tinyproxy
Selecting previously unselected package tinyproxy-bin.
(Reading database ... 35006 files and directories currently installed.)
Preparing to unpack .../tinyproxy-bin_1.10.0-2_amd64.deb ...
Unpacking tinyproxy-bin (1.10.0-2) ...
Selecting previously unselected package tinyproxy.
Preparing to unpack .../tinyproxy_1.10.0-2_all.deb ...
Unpacking tinyproxy (1.10.0-2) ...
Setting up tinyproxy-bin (1.10.0-2) ...
Setting up tinyproxy (1.10.0-2) ...
Created symlink /etc/systemd/system/multi-user.target.wants/tinyproxy.service → /lib/systemd/system/tinyproxy.service.
Processing triggers for man-db (2.8.5-2) ...
Processing triggers for systemd (241-7~deb10u2) ...
root@debian-2gb-fsn1-1:~# grep PidFile /etc/tinyproxy/tinyproxy.conf
# PidFile: Write the PID of the main tinyproxy thread to this file so it
PidFile "/run/tinyproxy/tinyproxy.pid"
root@debian-2gb-fsn1-1:~# sed -i '/PidFile/d' /etc/tinyproxy/tinyproxy.conf
root@debian-2gb-fsn1-1:~# grep PidFile /etc/tinyproxy/tinyproxy.conf
root@debian-2gb-fsn1-1:~# systemctl start logrotate
root@debian-2gb-fsn1-1:~# sed -i 's/2020/2019/g' /var/lib/logrotate/status
root@debian-2gb-fsn1-1:~# systemctl start logrotate
root@debian-2gb-fsn1-1:~# stat /
File: /
Size: 4096 Blocks: 8 IO Block: 4096 directory
Device: 801h/2049d Inode: 2 Links: 18
Access: (0755/drwxr-xr-x) Uid: ( 106/tinyproxy) Gid: ( 112/tinyproxy)
Access: 2019-12-08 05:11:02.514309382 +0100
Modify: 2020-01-06 01:51:41.524000000 +0100
Change: 2020-01-06 01:53:05.254019354 +0100
Birth: -
Note that tinyproxy does not start up with this configuration, because systemd
expects the PidFile to appear. For the machine where I noticed this issue I also
adjusted the systemd unit to be of `Type=simple`.
While this configuration might not be common and not encountered by the average
user, it introduced a possible security hole in my system, and even if this might
not be fully exploitable by the `tinyproxy` user, it breaks systemd-tmpfiles:
Jan 06 01:57:53 debian-2gb-fsn1-1 systemd-tmpfiles[282]: Detected unsafe path transition / → /var during canonicalization of /var.
Thus I feel the severity of `critical` is justified for this bug report.
Best regards
Tim Düsterhus
-- System Information:
Debian Release: 10.2
APT prefers stable-updates
APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: amd64 (x86_64)
Kernel: Linux 4.19.0-6-amd64 (SMP w/1 CPU core)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) (ignored: LC_ALL set to en_US.UTF-8), LANGUAGE=en_US.UTF-8 (charmap=UTF-8) (ignored: LC_ALL set to en_US.UTF-8)
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
Versions of packages tinyproxy depends on:
ii adduser 3.118
ii logrotate 3.14.0-4
ii lsb-base 10.2019051400
ii tinyproxy-bin 1.10.0-2
tinyproxy recommends no packages.
tinyproxy suggests no packages.
-- Configuration Files:
/etc/tinyproxy/tinyproxy.conf changed:
User tinyproxy
Group tinyproxy
Port 8888
Timeout 600
DefaultErrorFile "/usr/share/tinyproxy/default.html"
StatFile "/usr/share/tinyproxy/stats.html"
LogFile "/var/log/tinyproxy/tinyproxy.log"
LogLevel Info
MaxClients 100
MinSpareServers 5
MaxSpareServers 20
StartServers 10
MaxRequestsPerChild 0
Allow 127.0.0.1
ViaProxyName "tinyproxy"
ConnectPort 443
ConnectPort 563
-- no debconf information
--- End Message ---
--- Begin Message ---
Source: tinyproxy
Source-Version: 1.8.4-3~deb9u2
Done: Mike Gabriel <sunwea...@debian.org>
We believe that the bug you reported is fixed in the latest version of
tinyproxy, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 948...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Mike Gabriel <sunwea...@debian.org> (supplier of updated tinyproxy package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Tue, 31 Mar 2020 12:15:15 +0200
Source: tinyproxy
Binary: tinyproxy
Architecture: source amd64
Version: 1.8.4-3~deb9u2
Distribution: stretch
Urgency: medium
Maintainer: Ed Boraas <e...@debian.org>
Changed-By: Mike Gabriel <sunwea...@debian.org>
Description:
tinyproxy - Lightweight, non-caching, optionally anonymizing HTTP proxy
Closes: 870307 948283
Changes:
tinyproxy (1.8.4-3~deb9u2) stretch; urgency=medium
.
* debian/patches:
+ Add CVE-2017-11747-drop-privileges-after-PID-file-creation.patch.
CVE-2017-11747: Create PID file before dropping privileges to non-root
account. (Closes: #870307).
* debian/tinyproxy.init:
+ Only set PIDDIR, if PIDFILE is a non-zero length string. (Closes:
#948283).
Checksums-Sha1:
e8be7a753b6c7eabf25f14b7444967fa493680b0 2182 tinyproxy_1.8.4-3~deb9u2.dsc
2ecc31268b386c282f4c9f4ed53dd9b76f3c3aee 192300 tinyproxy_1.8.4.orig.tar.xz
ea58944daa705551ed82df72742c5ac6bd42080c 181 tinyproxy_1.8.4.orig.tar.xz.asc
01e6228f8872d1d0416511769bcf1ce9f0bf3cfc 21388 tinyproxy_1.8.4-3~deb9u2.debian.tar.xz
6cf1fd17072e4631d2709cd31483d07e01752e6b 98442 tinyproxy-dbgsym_1.8.4-3~deb9u2_amd64.deb
a1f1e1e42e6fffa6c48e2b414c3418fab76633cc 6903 tinyproxy_1.8.4-3~deb9u2_amd64.buildinfo
3502d0fbc05e49e8d6084704b6f1505b1936065e 85738 tinyproxy_1.8.4-3~deb9u2_amd64.deb
Checksums-Sha256:
6416ad625ca72b45721bb7a21baa94ecc5c739b2e413322903da54a8f15e4fa5 2182 tinyproxy_1.8.4-3~deb9u2.dsc
a41f4ddf0243fc517469cf444c8400e1d2edc909794acda7839f1d644e8a5000 192300 tinyproxy_1.8.4.orig.tar.xz
2ab516a8a6568162d66081c617c8b9c71ada4a14b789aea02c7d832c18c432cc 181 tinyproxy_1.8.4.orig.tar.xz.asc
24848d3dc81191a9d5ebf4c5857cf9082968cd7e899e710bd84154595a625e4b 21388 tinyproxy_1.8.4-3~deb9u2.debian.tar.xz
c366b0a71b548a091065c3f710789216d749bfaef6d38d7c23e6bb21fd9aa1c2 98442 tinyproxy-dbgsym_1.8.4-3~deb9u2_amd64.deb
d66900c62e99c560ead4d6e994879b4d473c9ca41e3e8ed33c999354e8708354 6903 tinyproxy_1.8.4-3~deb9u2_amd64.buildinfo
0eb1f096932690ef991f6eff48aff957e33fc6102f524577a8b91ac4fdc4c38f 85738 tinyproxy_1.8.4-3~deb9u2_amd64.deb
Files:
88109d3d6a53d8d91cac79932d72f38a 2182 web optional tinyproxy_1.8.4-3~deb9u2.dsc
b181e8c78cb31c2bc16b61fcf2425190 192300 web optional tinyproxy_1.8.4.orig.tar.xz
40114246a53ee2be072ece9b5185bf6d 181 web optional tinyproxy_1.8.4.orig.tar.xz.asc
509e9a176db7e56310c5c288ac55c1a3 21388 web optional tinyproxy_1.8.4-3~deb9u2.debian.tar.xz
57f925ae998862ac25aae44aa1f9142d 98442 debug extra tinyproxy-dbgsym_1.8.4-3~deb9u2_amd64.deb
3cd61b82fa540597e3fa39b315621beb 6903 web optional tinyproxy_1.8.4-3~deb9u2_amd64.buildinfo
eb74f6e35a6560f469824832c3a4a3eb 85738 web optional tinyproxy_1.8.4-3~deb9u2_amd64.deb
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
--- End Message ---
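The bug report above shows the symptom (an empty PidFile leads to `/` being chowned to tinyproxy:tinyproxy when logrotate runs) and the changelog states the fix ("Only set PIDDIR, if PIDFILE is a non-zero length string"). The script below is an added example and is not Debian's debian/tinyproxy.init, whose exact lines are not shown on this page. It assumes one plausible mechanism for this class of bug: the init script derives a PID directory from the PidFile value, and `dirname ""` yields `.`, which for a service started by systemd is the working directory `/`. Any privileged `mkdir`/`chown` on that derived path then lands on `/`. The guarded version refuses an empty or relative PidFile before any path is derived. The configs and the `chown_target` simulation are constructed for the example; no chown is executed.

```sh
#!/bin/sh
# Added example, not code from the tinyproxy package or debian/tinyproxy.init.
# The derivation "PIDDIR=$(dirname "$PIDFILE")" is an assumption about the
# class of bug, not a quote of the real script.

# Constructed sample configs (not the package's shipped tinyproxy.conf).
CONF_WITH_PID='User tinyproxy
PidFile "/run/tinyproxy/tinyproxy.pid"
Port 8888'
CONF_WITHOUT_PID='User tinyproxy
Port 8888'

# Read the PidFile value from a config on stdin; prints nothing if it is absent
# (a commented "# PidFile: ..." line does not match).
pidfile_from_conf() {
    sed -n 's/^[[:space:]]*PidFile[[:space:]]*"\([^"]*\)".*/\1/p' | head -n 1
}

# Unguarded derivation: POSIX dirname of an empty string is ".", the caller's
# current working directory, which is / for a unit run by systemd.
piddir_unguarded() {
    dirname "$1"
}

# Guarded derivation, the check the changelog describes: only derive PIDDIR
# when PIDFILE is a non-zero-length string. Relative paths are refused too,
# because they would also resolve against the working directory.
piddir_guarded() {
    [ -n "$1" ] || return 1
    case "$1" in
        /*) dirname "$1" ;;
        *)  return 1 ;;
    esac
}

# Simulation of the privileged step: print the absolute path that a
# "chown user:group $PIDDIR" run from working directory $2 would touch.
# Nothing is chowned; this only resolves the path.
chown_target() {
    piddir=$1
    cwd=$2
    case "$piddir" in
        "") return 1 ;;
        /*) printf '%s\n' "$piddir" ;;
        .)  printf '%s\n' "$cwd" ;;
        *)  printf '%s/%s\n' "${cwd%/}" "$piddir" ;;
    esac
}

# Demonstration with the PidFile line removed, as in the bug report.
pf=$(printf '%s\n' "$CONF_WITHOUT_PID" | pidfile_from_conf)
echo "unguarded chown target with cwd /: $(chown_target "$(piddir_unguarded "$pf")" /)"
if piddir_guarded "$pf" >/dev/null; then
    echo "guarded: derived a directory (unexpected)"
else
    echo "guarded: refused empty PidFile, no directory created or chowned"
fi
```

Running it prints `/` as the unguarded target, which is exactly the owner change the reporter observed with `stat /`; the guarded function returns non-zero for the empty value, so a caller that keys its `mkdir`/`chown` on a non-empty PIDDIR never touches the filesystem. Verifying the fix on a patched system is the same procedure as the report: remove the PidFile line, trigger logrotate, and confirm `stat /` still shows `Uid: ( 0/ root) Gid: ( 0/ root)`.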