Bug#321666: Found bug #321666 again

2005-09-09 Thread Sam Couter
found 321666 0.91-7
found 321666 0.91-8
stop

Without details on the bug, I can't be 100% sure, but I'm seeing this
same error message with both 0.91-8 and 0.91-7. Device permissions look
fine, ptal-printd is running as the hpojlp user, and hpojlp is in the lp
group.
-- 
Sam "Eddie" Couter  |  mailto:[EMAIL PROTECTED]
Debian Developer    |  mailto:[EMAIL PROTECTED]
                    |  jabber:[EMAIL PROTECTED]
OpenPGP fingerprint:  A46B 9BB5 3148 7BEA 1F05  5BD5 8530 03AE DE89 C75C




Bug#321666: iopl() returns EPERM because ptal-mlcd isn't root!

2005-09-10 Thread Sam Couter
The problem is that ptal-mlcd is running as a non-root user and is
trying to use iopl() to grant itself permission to directly mess with
the parallel IO port. iopl() only works for root.

Looks like this bug only affects parallel printers.

The iopl() man page says "Permissions are inherited by fork and exec.",
so one solution may be to make the iopl() call from the init script.
Which, BTW, needs a dose of "use English;". What the hell is this mess?

$( = $) = "$gpw[2] $gpw[2] $agpw[2]";
$< = $> = $upw[2];

That's just line noise!

One other solution is to run ptal-mlcd as root, then get it to drop
privileges itself after calling iopl(). This is probably the
best/neatest solution but also the more difficult one to implement.
-- 
Sam "Eddie" Couter  |  mailto:[EMAIL PROTECTED]
Debian Developer    |  mailto:[EMAIL PROTECTED]
                    |  jabber:[EMAIL PROTECTED]
OpenPGP fingerprint:  A46B 9BB5 3148 7BEA 1F05  5BD5 8530 03AE DE89 C75C




Bug#309615: libapache2-svn: missing Depends

2005-05-18 Thread Sam Couter
Package: libapache2-svn
Version: 1.1.4-2
Severity: serious
Justification: Breaks apache

The libapache2-svn package needs a few extra Depends: on SASL and SSL
libraries.

[EMAIL PROTECTED]:/var/log/apache2# /etc/init.d/apache2 start
Starting web server: Apache2/usr/sbin/apache2: error while loading shared libraries: libsasl.so.7: cannot open shared object file: No such file or directory
[EMAIL PROTECTED]:/var/log/apache2# ldd /usr/lib/apache2/modules/mod_authz_svn.so | grep "not found"
   libsasl.so.7 => not found
   libssl.so.0.9.6 => not found
   libcrypto.so.0.9.6 => not found

-- 
Sam "Eddie" Couter  |  mailto:[EMAIL PROTECTED]
Debian Developer    |  mailto:[EMAIL PROTECTED]
                    |  jabber:[EMAIL PROTECTED]
OpenPGP fingerprint:  A46B 9BB5 3148 7BEA 1F05  5BD5 8530 03AE DE89 C75C




Bug#315074: ipkungfu: Renders system inaccessible

2005-06-20 Thread Sam Couter
Package: ipkungfu
Version: 0.5.2-3
Severity: critical
Justification: renders entire system inaccessible

Don't do this:
# apt-get install ipkungfu

Because then you have to do this:
 - Grab spare monitor and keyboard
 - Lug spare monitor and keyboard across the room/city/state/country
 - Crawl into corner where machines are stacked
 - Plug spare monitor and keyboard in
 - Shut down (or purge) ipkungfu
 - Unplug monitor and keyboard
 - Return monitor and keyboard to their rightful resting places

Not happy. At least my spare monitor and keyboard only have to travel a
few metres. I'd be *pissed* if I had to drive across town or wake
someone local up to fix it.

Simplest fix: add /etc/default/ipkungfu with ENABLED=false, source the
file in the init script and only start if ENABLED is not "false".

Side note:

[EMAIL PROTECTED]:~# grep -A3 Include /etc/init.d/ipkungfu
# Include ipkungfu defaults if available
if [ -f /etc/ipkungfu ] ; then
. /etc/ipkungfu
fi
[EMAIL PROTECTED]:~# file /etc/ipkungfu
/etc/ipkungfu: directory
[EMAIL PROTECTED]:~#

-- 
Sam "Eddie" Couter  |  mailto:[EMAIL PROTECTED]
Debian Developer    |  mailto:[EMAIL PROTECTED]
                    |  jabber:[EMAIL PROTECTED]
OpenPGP fingerprint:  A46B 9BB5 3148 7BEA 1F05  5BD5 8530 03AE DE89 C75C




Bug#291680: firehol: insecure temporary directory handling

2005-01-22 Thread Sam Couter
Package: firehol
Version: 1.214-1
Severity: critical
Tags: security sarge

Both firehol and firehol-wizard use known temporary file names in a
predictably named temporary directory (PID-based).

Neither program ensures that those directories are safe before blasting
the contents of files within. An attacker can place carefully named
symlinks in the directory and overwrite or corrupt many files on the
system.

I have exploited this (it's trivial if even I can do it).

Security team says:
"You may add that if the author/maintainer doesn't know how to fix
the problem either, they should not hesitate to contact us."
-- 
Sam "Eddie" Couter  |  mailto:[EMAIL PROTECTED]
Debian Developer    |  mailto:[EMAIL PROTECTED]
                    |  jabber:[EMAIL PROTECTED]
OpenPGP fingerprint:  A46B 9BB5 3148 7BEA 1F05  5BD5 8530 03AE DE89 C75C




Bug#291680: isn't really fixed yet

2005-01-29 Thread Sam Couter
reopen 291680
stop

/sbin/firehol has:

--- copy 'n paste ---
#set out umask so that nobody could exploit the tempdir
umask 077
test -d "${FIREHOL_DIR}" && echo "Tempdir already exists. Please remove it before proceeding" && exit 1
${MKDIR_CMD} -p "${FIREHOL_DIR}"
test $? -gt 0 && exit 1
--- end copy 'n paste ---

which still leaves a window of opportunity between the test and the
creation of the directory for an attacker to sneak in their directory
and symlink.

See upstream's CVS revision 1.226 for a fix:

http://cvs.sourceforge.net/viewcvs.py/firehol/firehol/firehol.sh?r1=1.225&r2=1.226
-- 
Sam "Eddie" Couter  |  mailto:[EMAIL PROTECTED]
Debian Developer    |  mailto:[EMAIL PROTECTED]
                    |  jabber:[EMAIL PROTECTED]
OpenPGP fingerprint:  A46B 9BB5 3148 7BEA 1F05  5BD5 8530 03AE DE89 C75C
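
The window between the test and the mkdir described in the message above closes when the check and the creation are a single operation. This is an added example, not firehol's code and not the upstream 1.226 change (which is not shown on this page); the function names and the `firehol-example` prefix are hypothetical.

```shell
#!/bin/sh
# Added example; function names and the "firehol-example" prefix are hypothetical.

# Pattern quoted above, for comparison (racy: check and create are two steps,
# and "mkdir -p" reports success when the path already exists, symlink included):
#   test -d "$dir" && exit 1
#   mkdir -p "$dir"

# Fixed name, created atomically. Plain mkdir fails with EEXIST if anything
# is already at the path (file, directory or symlink), so there is no gap
# between the check and the creation. umask 077 gives mode 0700 from the start.
make_private_dir() {
    ( umask 077 && mkdir -- "$1" ) 2>/dev/null
}

# Unpredictable name: mktemp -d picks a random suffix and creates the
# directory in the same atomic way, mode 0700. Prints the path it created.
make_random_dir() {
    mktemp -d "${TMPDIR:-/tmp}/firehol-example.XXXXXXXXXX"
}

# Constructed check, run inside a throwaway sandbox: something already sits at
# the chosen name (here a symlink, as in the report) before the script runs.
# Prints "refused" if make_private_dir declines to use it.
check_preexisting_path() {
    sandbox=$(make_random_dir) || return 1
    mkdir "$sandbox/elsewhere"
    ln -s "$sandbox/elsewhere" "$sandbox/work"
    if make_private_dir "$sandbox/work"; then
        result=accepted
    else
        result=refused
    fi
    rm -rf -- "$sandbox"
    echo "$result"
}

check_preexisting_path
```

A script that must keep a fixed directory name should treat a failure from `make_private_dir` as fatal rather than falling back to the existing path.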

