Re: Bug#9582: suidmanager 0.6 uploaded to master.debian.org

1997-05-17 Thread Karl M. Hegbloom 
 It works some times, but not others.  Enclosed are scripts of two
trials, one where it functions, from within an XEmacs buffer, and
another where it fails, from an XTerm shell.

 The status display comes from a $PROMPT_COMMAND that prints any
non-zero $? before it prints the next prompt.

*** The following message will contain a fixed version of
`suidregister` that will work ***

  I did this in an XEmacs buffer.  It seems to work...
8<->8
~/programs
# grep sldfjljd /etc/suid.conf
[status 1]

~/programs
# grep exports /etc/suid.conf
[status 1]

~/programs
# export PATH=/usr/sbin:/sbin:/usr/bin:/bin

~/programs
# head /usr/sbin/suidregister
#!/bin/sh
#
# Register a binary
#

if echo $- | grep -q e; then
  e=-e
  set +e
else
  e=+e

~/programs
# ./testsuidreg

~/programs
# grep exports /etc/suid.conf
user /etc/exports karlheg karlheg 4755

~/programs
# # now editting suidregister, to comment out my changes.

~/programs
# # now editting /etc/suid.conf to remove that line

~/programs
# head /usr/sbin/suidregister
#!/bin/sh
#
# Register a binary
#

# if echo $- | grep -q e; then
#   e=-e
#   set +e
# else
#   e=+e

~/programs
# grep exports /etc/suid.conf
[status 1]

~/programs
# ./testsuidreg

~/programs
# grep exports /etc/suid.conf
user /etc/exports karlheg karlheg 4755

~/programs
# echo $BASH_VERSION
2.00.0(1)-release
8<->8

 But for some reason, in an XTerm, it fails.  Here's a typescript of
what I did.  Notice that I ran a test with my changes (as per the
patch I sent) in, plus a line like: 

echo $0: value of \$- is: $-`

... inserted at the top of the `suidregister` script.  You can see in
the typescript, where it prints $-, that the '-o errexit' flag is
indeed set when the script is called.

  Here's what your test program returns, even though it appears to
work... it sets the file permissions and makes the "/etc/suid.conf"
entry, but the echo at the top of `suidregister` shows me this:
8<->8
515# ./testsuidreg 
/usr/sbin/suidregister: value of $- is: ehmB

516# cat testsuidreg 
#/!bin/sh
set -e
suidregister /etc/exports karlheg karlheg 4755

517# grep exports /etc/suid.conf
user /etc/exports karlheg karlheg 4755

518# ls -l /etc/exports 
-rwsr-xr-x   1 karlheg  karlheg   366 Feb 26 07:00 /etc/exports*
8<->8

 I ran the `rlpr` postinst script, and it fails.  Then I added the 'x'
flag, for tracing output, and ran it again.  It fails, and you can see
where.  I show the result of running the same `grep` from the
commandline. I then put my patches back into `suidregister`, and it
functions properly, since the code 1 returned by the `grep` does not
cause `suidregister` to exit.

 (I've found that reading these typescripts with `less` works fairly
well, because of the way it displays control characters.)

 I hope you can get something out of this.

8<->8
Script started on Fri May 16 18:44:41 1997
sh: status_after_prompt: command not found

]2;[EMAIL PROTECTED]:~


501# echo      ./  /etc/profile



"Who alone has reason to *lie himself out* of actuality?  He who *suffers*

 from it."

-- Friedrich Nietzsche



]2;[EMAIL PROTECTED]:~


502# echo $PATH

/bin:/usr/bin:/usr/X11R6/bin:/usr/lib/texmf/bin:/usr/local/bin:/usr/games

]2;[EMAIL PROTECTED]:~


503# export $PATH=/usr/sbin:/sbin:/usr/bin:/bin

sh: export: 
`/bin:/usr/bin:/usr/X11R6/bin:/usr/lib/texmf/bin:/usr/local/bin:/usr/games=/usr/sbin:/sbin:/usr/bin:/bin':
 not a valid identifier

[status 1]

]2;[EMAIL PROTECTED]:~


504# export 
$PATH=/usr/sbin:/sbin:/usr/bin:/bin
*504# export 

]2;[EMAIL PROTECTED]:~


505# 


505# echo $PATH

/usr/sbin:/sbin:/usr/bin:/bin

]2;[EMAIL PROTECTED]:~


506# cat /var/lib/dpkg/info/l rlpr.postinst

#!/bin/sh

set -e

# Permission processing inserted by debmake on Fri, 17 Jan 1997 14:52:40 +0900

if [ -e /etc/suid.conf ]; then

suidregister -s rlpr /usr/bin/rlpr root root 4755

else

chown root.root /usr/bin/rlpr

chmod 4755 /usr/bin/rlpr

fi

# Permission processing inserted by debmake on Fri, 17 Jan 1997 14:52:40 +0900

if [ -e /etc/suid.conf ]; then

suidregister -s rlpr /usr/bin/rlprd root root 4755

else

chown root.root /usr/bin/rlprd

chmod 4755 /usr/bin/rlprd

fi

]2;[EMAIL PROTECTED]:~


507# /var/lib/dpkg/info/rlpr.postinst

[status 1]

]2;[EMAIL PROTECTED]:~


508# cp /var/lib/dpkg/info/rlpr.postinst t/  /tmp

]2;[EMAIL PROTECTED]:~


509# sed 's/set -e/set -ex/' /tmp/rlpr.postinst.x

]2;[EMAIL PROTECTED]:~


510

Re: Bug#9582: suidmanager 0.6 uploaded to master.debian.org

1997-05-17 Thread Karl M. Hegbloom 

 This works every time, with no fails due to '-o errexit'.

#!/bin/sh
#
# Register a binary
#

function setperm()
{
if [ -e $2 ]; then
chown $3.$4 $2
chmod $5 $2
fi
}

function compperm()
{
if [ $1 != $4 -o $2 != $5 -o $3 != $6 ]; then
echo "$FILE PERMISSION MISMATCH: was $1.$2 $3 changed to $4.$5 
$6"
fi
}

function permdiag()
{
FILE=$2
if [ -e $FILE ]; then
compperm `find $2 -printf "%u %g %m"` $3 $4 $5
else
echo "File $FILE registered but not installed"
fi
}

function suidrun()
{
while [ 1 ]; do
read X
if [ "$X" ]; then
permdiag $X
setperm $X
else
return
fi
done
}

function with_no_errexit()
{
  if echo $- | grep -q e; then
e=-e
set +e
  else
e=+e
  fi
  eval $1
  set $e
}

if [ "$1" = "" ]; then
sed /dev/null; then
# Reinstate User overrides
setperm $X
echo "OVERRIDE: $X"
exit 0
else
suidunregister $1
fi
fi

echo "$PACKAGE $1 $2 $3 $4" >>/etc/suid.conf
setperm $PACKAGE $1 $2 $3 $4

-- 
Karl M. Hegbloom <[EMAIL PROTECTED]>
http://www.inetarena.com/~karlheg
Portland, OR  USA
Debian GNU 1.2  Linux 2.1.36 AMD K5 PR-133

Re: Bug#9582: suidmanager 0.6 uploaded to master.debian.org

1997-05-17 Thread Christoph Lameter 
Could you please give me a simple script that produces the error that you
have been talking about so long? I have not been able to produce a single
instance of the problem you are mentioning. Get emacs and all other
complicating circumstances out of it.

Just tell me how to produce the problem and I will figure out why and how
to fix it. Right now I am tending to think that this is something due to a
special configuration on your system.

--- +++ --- +++ --- +++ --- +++ --- +++ --- +++ --- +++ ---


--
TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word "unsubscribe" to
[EMAIL PROTECTED] . 
Trouble?  e-mail to [EMAIL PROTECTED] .

Re: Bug#9582: suidmanager 0.6 uploaded to master.debian.org

1997-05-17 Thread Karl M. Hegbloom 
> "Christoph" == Christoph Lameter <[EMAIL PROTECTED]> writes:

Christoph> Could you please give me a simple script that produces
Christoph> the error that you have been talking about so long? I
Christoph> have not been able to produce a single instance of the
Christoph> problem you are mentioning. Get emacs and all other
Christoph> complicating circumstances out of it.

Christoph> Just tell me how to produce the problem and I will
Christoph> figure out why and how to fix it. Right now I am
Christoph> tending to think that this is something due to a
Christoph> special configuration on your system.

   script1
8<->8
#!/bin/sh

echo This is $0
echo The value of \$- is \'$-\'

set -e
./script2
8<->8

   script2
8<->8
#!/bin/sh

echo This is $0
echo The value of \$- is \'$-\'

grep 'non-existing-text' /usr/man/man1/bash*

echo If the grep fails, this will never echo.
8<->8

   typescript (with control chars deleted)
8<->8
Script started on Fri May 16 20:46:25 1997

1001$ set -x # turn on xtrace

1002$ ./script1
+ ./script1
+ echo This is ./script1
This is ./script1
+ echo The value of '$-' is ''hmxB''
The value of $- is 'hmxB'
+ set -e
+ ./script2
+ echo This is ./script2
This is ./script2
+ echo The value of '$-' is ''ehmxB''
The value of $- is 'ehmxB'
+ grep non-existing-text /usr/man/man1/bash.1.gz /usr/man/man1/bashbug.1.gz

1003$ echo $?
+ echo 1
1

1004$ set
+ set
BASH=/bin/sh
BASH_VERSINFO=([0]="2" [1]="00" [2]="0" [3]="1" [4]="release" 
[5]="i586-debian-linux")
BASH_VERSION='2.00.0(1)-release'
COLUMNS=80
CVSROOT=/usr/local/cvsroot
DIRSTACK=()
DISPLAY=:0.0
EUID=1000
HISTFILE=/home/karlheg/.bash_history
HISTFILESIZE=500
HISTSIZE=500
HOME=/home/karlheg
HOSTNAME=bittersweet
HOSTTYPE=i586
IFS='   
'
LINES=24
LOGNAME=karlheg
LS_COLORS=
LS_OPTIONS='--color=tty --classify'
MACHTYPE=i586-debian-linux
MAILCHECK=60
MANPATH=/usr/man:/usr/X11R6/man:/usr/lib/texmf/doc/man:/usr/local/man
OPTERR=1
OPTIND=1
OSTYPE=linux
PAGER=less
PATH=/bin:/usr/bin:/usr/X11R6/bin:/usr/lib/texmf/bin:/usr/local/bin:/usr/games
PIPESTATUS=([0]="1")
PPID=10679
PS1='\n\!\$ '
PS2='> '
PS4='+ '
PWD=/home/karlheg/programs/sh
SHELL=/bin/bash
SHELLOPTS=braceexpand:hashall:histexpand:monitor:xtrace:history:interactive-comments:posix:emacs
SHLVL=4
TERM=xterm
TERMCAP=co#80:li#24:
UID=1000
USER=karlheg
VISUAL=gnuclient
WINDOWID=71303187
XAPPRESDIR=/usr/X11R6/lib/X11/app-defaults
XMCD_LIBDIR=/usr/X11R6/lib/xmcd
_=1
_10626_GNU_nonoption_argv_flags_=00
_10678_GNU_nonoption_argv_flags_=0
_3450_GNU_nonoption_argv_flags_=
my_dirname=() 
{ 
if [ "${PWD#$HOME}" != "$PWD" ]; then
echo '~'${PWD#$HOME};
else
echo $PWD;
fi
}
set_titlebar=() 
{ 
echo -n "]2;$*"
}
vi=() 
{ 
gnuclient $@
}

1005$ exit

Script done on Fri May 16 20:46:53 1997
8<->8

-- 
Karl M. Hegbloom <[EMAIL PROTECTED]>
http://www.inetarena.com/~karlheg
Portland, OR  USA
Debian GNU 1.2  Linux 2.1.36 AMD K5 PR-133

Re: Bug#9582: suidmanager 0.6 uploaded to master.debian.org

1997-05-17 Thread Christoph Lameter 
I have tested your scripts and everything works just as it should.

Check your system for anything special you might have done.

work:~$ ./script1
This is ./script1
The value of $- is 'hB'
This is ./script2
The value of $- is 'hB'
If the grep fails, this will never echo.


work:~$ cat script1
#!/bin/sh

echo This is $0
echo The value of \$- is \'$-\'

set -e
./script2
work:~$ cat script2
#!/bin/sh

echo This is $0
echo The value of \$- is \'$-\'

grep 'non-existing-text' /usr/man/man1/bash*

echo If the grep fails, this will never echo.

--- +++ --- +++ --- +++ --- +++ --- +++ --- +++ --- +++ ---

Re: Proposal: New source format (was Re: [Fwd: Re: dpkg question])

1997-05-17 Thread Kai Henningsen 
[EMAIL PROTECTED] (Manoj Srivastava)  wrote on 16.05.97 in <[EMAIL PROTECTED]>:

> >>"Jim" == Jim Van Zandt <[EMAIL PROTECTED]> writes:

Jim>> I think the ".. pathname component" problem deserves some
Jim>> attention. What does anybody think about these steps?

Jim>> 1) Incoming Debian source packages should be automatically
Jim>> scanned, and offending files flagged.

Jim>> 2) GNU tar should refuse to unpack such a tar file, unless
Jim>> enabled by a switch.

Jim>> 3) GNU tar should refuse to create such a tar file, unless
Jim>> enabled by a switch.

>   I hope you mean ask the upstream authors to change GNU tars
>  behaviour, and not that Debian should do a major change in behaviour
>  on it's own. In case we even consider doing such a thing, it should
>  be *off* by default, and turned on (by dpkg and friends) with a
>  special switch.

Since it handles the same type of problem as the absolute path remover, it  
should work the same.

The absolute path remover is on by default.

(Have you _ever_ seen a tar containing a path with ".."? Those are  
extremely rare.)


MfG Kai


--
TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word "unsubscribe" to
[EMAIL PROTECTED] . 
Trouble?  e-mail to [EMAIL PROTECTED] .

Re: dpkg verify mode for security?

1997-05-17 Thread Amos Shapira 
In message <[EMAIL PROTECTED]> you write:
|'Amos Shapira wrote:'
|>
|>I was asking over Linux-ISP about doing cleanup after breakins and got
|>many "use tripwire" answers, and one which says that RPM has a verify
|>mode which checks for files which were changed since they were
|>installed.  Can the dpkg maintainers consider adding such a feature
|>for Debian?
|
|What does the rpm verify give you?  As far as I can tell it gives a
|false sense of security.  Nothing more.  The rpm database is easily
|hacked once root access is attained.
|
|Tripwire or something similar is the only viable option.

You give the answer yourself :-).  What I was thinking about is the
ability to verify files against a database on a non-writeable media
(or fetched from the net).

Someone pointed me to an experimental package called 'dpkgcert', which
seems to do just that.  Look at the experimental directory on
master.debian.org.

Cheers,

--Amos

--Amos Shapira| "Of course Australia was marked for
133 Shlomo Ben-Yosef st.  |  glory, for its people had been chosen
Jerusalem 93 805  |  by the finest judges in England."
ISRAEL [EMAIL PROTECTED] | -- Anonymous


--
TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word "unsubscribe" to
[EMAIL PROTECTED] . 
Trouble?  e-mail to [EMAIL PROTECTED] .

Re: Bug#9582: suidmanager 0.6 uploaded to master.debian.org

1997-05-17 Thread Karl M. Hegbloom 
> "Christoph" == Christoph Lameter <[EMAIL PROTECTED]> writes:

Christoph> I have tested your scripts and everything works just as
Christoph> it should.  Check your system for anything special you
Christoph> might have done.

 The special thing was to have upgraded to Bash-2.0.  I just
downgraded to 1.14.7, and the scripts run now.  I think we should
report this as a Bash bug.

-- 
Karl M. Hegbloom <[EMAIL PROTECTED]>
http://www.inetarena.com/~karlheg
Portland, OR  USA
Debian GNU 1.2  Linux 2.1.36 AMD K5 PR-133


--
TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word "unsubscribe" to
[EMAIL PROTECTED] . 
Trouble?  e-mail to [EMAIL PROTECTED] .

Re: Bug#9582: suidmanager 0.6 uploaded to master.debian.org

1997-05-17 Thread Christoph Lameter 
I only run bash 2.0 on my systems at home.

On Sat, 17 May 1997, Karl M. Hegbloom wrote:

>> "Christoph" == Christoph Lameter <[EMAIL PROTECTED]> writes:
>
>Christoph> I have tested your scripts and everything works just as
>Christoph> it should.  Check your system for anything special you
>Christoph> might have done.
>
> The special thing was to have upgraded to Bash-2.0.  I just
>downgraded to 1.14.7, and the scripts run now.  I think we should
>report this as a Bash bug.
>
>-- 
>Karl M. Hegbloom <[EMAIL PROTECTED]>
>http://www.inetarena.com/~karlheg
>Portland, OR  USA
>Debian GNU 1.2  Linux 2.1.36 AMD K5 PR-133
>
>
>

--- +++ --- +++ --- +++ --- +++ --- +++ --- +++ --- +++ ---


--
TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word "unsubscribe" to
[EMAIL PROTECTED] . 
Trouble?  e-mail to [EMAIL PROTECTED] .

Re: which group ?

1997-05-17 Thread David Frey 
Hi Christian,

> I looked at the dump package and found out that /sbin/dump and
> /sbin/restore are in the group tty. Why are they in tty, shouldn't it
> be disk ?

No. dump/restore wants to be in tty in order to be able to notify the 
operator that (s)he has to change tapes.
The operator has to have disk access, either by being root or being in
the disk group. Something like

-rwsr-sr-x   1 root disk 38653 May  1 22:44 /sbin/dump
-rwsr-sr-x   1 root disk 59125 May  1 22:44 /sbin/restore   

would be a security disaster, since anybody could backup your system and
restore the interesting files (a la /etc/shadow).
(if rdump/rrestore didn't exist dump/restore needn't the SUID bit).

David


--
TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word "unsubscribe" to
[EMAIL PROTECTED] . 
Trouble?  e-mail to [EMAIL PROTECTED] .

Re: Bug#9582: suidmanager 0.6 uploaded to master.debian.org

1997-05-17 Thread Rob Browning 
"Karl M. Hegbloom" <[EMAIL PROTECTED]> writes:

>  The special thing was to have upgraded to Bash-2.0.  I just
> downgraded to 1.14.7, and the scripts run now.  I think we should
> report this as a Bash bug.

Check to see if you have a "set -a" (or +a) anywhere in your bashrc,
or related bash setup files.  If you do, this could be the problem.
In bash 2.0 "set -a" causes trouble.  On my system, "set -a; set +a"
causes all subsequent invocations of man to hang.

Just a thought
-- 
Rob


--
TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word "unsubscribe" to
[EMAIL PROTECTED] . 
Trouble?  e-mail to [EMAIL PROTECTED] .

Re: Proposal: New source format (was Re: [Fwd: Re: dpkg question])

1997-05-17 Thread Nicolás Lichtmaier 
On 17 May 1997, Kai Henningsen wrote:

> (Have you _ever_ seen a tar containing a path with ".."? Those are  
> extremely rare.)

 I think that this is the way we should handle this:

 if ( tar tvzf $tarfile | grep -q "\.\..*/" ) ; then exit 1 ; fi

 Or something similar...

-- 
Nicolás Lichtmaier.-
[EMAIL PROTECTED]


--
TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word "unsubscribe" to
[EMAIL PROTECTED] .
Trouble?  e-mail to [EMAIL PROTECTED] .

Re: Proposal: New source format (was Re: [Fwd: Re: dpkg question])

1997-05-17 Thread Yann Dirson 
Mark Eichin writes:
 > Granted, a *real* solution would be some way to point things off to
 > other disks and have dpkg "know" about it so it handles upgrades
 > cleanly.  We've talked about this some but haven't gotten very far.

Maybe a variation on dpkg-divert would fit well ?
-- 
Yann Dirson

e-mail: [EMAIL PROTECTED]
http://monge.univ-mlv.fr/~dirson


--
TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word "unsubscribe" to
[EMAIL PROTECTED] . 
Trouble?  e-mail to [EMAIL PROTECTED] .

Re: Proposal: New source format (was Re: [Fwd: Re: dpkg question])

1997-05-17 Thread Yann Dirson 
Joey Hess writes:
 > With this scheme, you arn't running a shell script when you unpack the
 > package. You can figure out how to look at the tar file or shar archive or
 > whatever format the upstream source is kept in, without running any special
 > shell script. The only difference between this and how dpkg-source operates
 > now is that the actual unpacking of the upstream tarball/whatever (NOT the
 > debian source package) and applying of the patches is pushed back into
 > debian/rules, where it can be handled by a shell script. But you need not
 > run this shell script until you decide to build the package -- which makes
 > it just as safe as things stand now.

I'm not su sure: it seems you will still have to execute something to
just *browse* to sources. Am I wrong ?

-- 
Yann Dirson

e-mail: [EMAIL PROTECTED]
http://monge.univ-mlv.fr/~dirson


--
TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word "unsubscribe" to
[EMAIL PROTECTED] . 
Trouble?  e-mail to [EMAIL PROTECTED] .

Re: Proposal: New source format (was Re: [Fwd: Re: dpkg question])

1997-05-17 Thread Yann Dirson 
James Troup writes:
 > (Especially when people do stuff like release a new Debian revision
 > where the only change is the maintainer's email address.)

Maybe we should discuss a policy about such changes. Eg, using -2.1 as
debian-version when you just make changes to version -2 that "don't
affect" whatever will be installed.

I think some people do that, but maybe it should be written somewherer...

-- 
Yann Dirson

e-mail: [EMAIL PROTECTED]
http://monge.univ-mlv.fr/~dirson


--
TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word "unsubscribe" to
[EMAIL PROTECTED] . 
Trouble?  e-mail to [EMAIL PROTECTED] .