Bug#573015: libutempter0: /usr/lib/utempter/utempter should be world readable

Mon, 08 Mar 2010 02:09:12 -0800 

Package: libutempter0
Version: 1.1.5-2
Severity: normal

Hello,

The wrapper utempter is not world readable:
> % ls -al /usr/lib/utempter/utempter 
> -rwx--s--x. 1 root utmp 4940 2009-08-29 13:03 /usr/lib/utempter/utempter

According to Debian policy, executables should be world-readable[1]:
> Setuid and setgid executables should be mode 4755 or 2755 respectively,
> and owned by the appropriate user or group. They should not be made
> unreadable (modes like 4711 or 2711 or even 4111); doing so achieves
> no extra security, because anyone can find the binary in the freely
> available Debian package; it is merely inconvenient.

In my case, I wanted to run debsums (as non root), but it failed with:
> debsums: can't open libutempter0 file /usr/lib/utempter/utempter
> (Permission denied)

The patch is trivial:
==================
--- rules.orig  2010-03-08 10:46:48.000000000 +0100
+++ rules       2010-03-08 10:46:51.000000000 +0100
@@ -5,7 +5,7 @@
 
 override_dh_fixperms:
        dh_fixperms
-       chmod 2711 debian/libutempter0/usr/lib/utempter/utempter
+       chmod 2755 debian/libutempter0/usr/lib/utempter/utempter
        chown root:utmp debian/libutempter0/usr/lib/utempter/utempter
 
 .PHONY: override_dh_auto_test
==================

Franklin

[1] http://www.debian.org/doc/debian-policy/ch-files.html#s10.9

-- System Information:
Debian Release: squeeze/sid
  APT prefers testing
  APT policy: (500, 'testing'), (101, 'unstable'), (10, 'experimental')
Architecture: i386 (i686)

Kernel: Linux 2.6.33-2-686 (SMP w/2 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages libutempter0 depends on:
ii  adduser                       3.112      add and remove users and groups
ii  libc6                         2.10.2-6   Embedded GNU C Library: Shared lib

libutempter0 recommends no packages.

libutempter0 suggests no packages.

-- no debconf information



-- 
To UNSUBSCRIBE, email to debian-qt-kde-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: 
http://lists.debian.org/20100308094917.22538.30866.report...@solid.paris.klabs.be

Reply via email to