Override component to main
libpam-freerdp 0.4.0-0ubuntu1 in quantal: universe/misc -> main
libpam-freerdp 0.4.0-0ubuntu1 in quantal amd64: universe/misc/extra -> main
libpam-freerdp 0.4.0-0ubuntu1 in quantal armel: universe/misc/extra -> main
libpam-freerdp 0.4.0-0ubuntu1 in quantal armhf: universe
I just uploaded new upstream release 0.4.0, which fixes Jamie's and
Tyler's concern. So I'll mark this Fix Committed. Thanks all!
** Changed in: libpam-freerdp (Ubuntu)
Status: In Progress => Fix Committed
On 2012-09-04 13:43:55, Ted Gould wrote:
> On Mon, 2012-09-03 at 21:34 +, Tyler Hicks wrote:
> > After reviewing revision 30 in the upstream libpam-freerdp project, a
> > privileged kill() of session_pid still exists at the beginning of
> > pam_sm_open_session(). All other issues seem to be add
On Mon, 2012-09-03 at 21:34 +, Tyler Hicks wrote:
> After reviewing revision 30 in the upstream libpam-freerdp project, a
> privileged kill() of session_pid still exists at the beginning of
> pam_sm_open_session(). All other issues seem to be addressed. Thanks!
Merge proposal posted:
https://
Hi Ted - Thanks for working on addressing the security issues!
After reviewing revision 30 in the upstream libpam-freerdp project, a
privileged kill() of session_pid still exists at the beginning of
pam_sm_open_session(). All other issues seem to be addressed. Thanks!
Also, have you confirmed tha
On Fri, 2012-08-31 at 15:32 +, Michael Terry wrote:
> Ted, perhaps don't tie MIR bugs with their special status
> meanings to branches.
We're discussing it on IRC now. I think the autolander shouldn't change
the status on (Ubuntu) bugs. Those should be managed by the distro team
(using metho
On Fri, 2012-08-31 at 15:13 +, Jamie Strandboge wrote:
> Why was this marked to 'Fix Committed'? There is still conversation
> surrounding it.
The current state of the merge proposal was set to approved, so the
autolander landed it. It set it to committed when it landed it. If
there are more
Jenkins did that. I'm betting ted tied his branch to this bug, so
Jenkins automatically marked this Fix Committed when the branch was
pushed. Ted, perhaps don't tie MIR bugs with their special status
meanings to branches.
Why was this marked to 'Fix Committed'? There is still conversation
surrounding it.
** Changed in: libpam-freerdp (Ubuntu)
Status: Fix Committed => In Progress
** Changed in: libpam-freerdp (Ubuntu)
Status: New => Fix Committed
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1039634
Title:
[MIR] libpam-freerdp
Let's not be theoretical, this is exactly what I'm thinking:
http://bazaar.launchpad.net/~ted/libpam-freerdp/security-concerns/view/head:/src/pam-freerdp.c#L240
On Thu, 2012-08-30 at 22:10 +, Jamie Strandboge wrote:
> I did this locally and it worked fine. setgroups() seems to be able to
> be called after setgid() but not after setuid().
Okay, so I figured out my issue, but I'm unsure of how to handle it. I
am testing this using pamtester, which runs
(and by locally I mean in a test program, not your pam module).
It has always been my understanding that the order to permanently drop
privileges from root is:
* setgroups()
* setgid()
* setuid()
Note setgid() sets all of: saved gid, egid and gid and setuid() sets all
of saved uid, euid and uid.
I did this locally and it worked fine. setgroups() seems to be
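An added example (not code from libpam-freerdp or from anyone in this thread) of the ordering Jamie lists, together with the check a practitioner wants afterwards: once setuid() to a non-root uid has run, setuid(0) must fail with EPERM, otherwise the saved uid was never cleared. The function names, the 65534 target uid/gid and the geteuid() guard around setgroups() are this example's own assumptions; the guard is there because setgroups() needs CAP_SETGID, so it only has a chance of succeeding while the process is still root.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <grp.h>
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

/* Permanently drop privileges in the order given above: supplementary
 * groups, then gid, then uid. Returns 0 on success, -1 with errno set. */
int drop_privileges(uid_t uid, gid_t gid)
{
    /* setgroups() needs CAP_SETGID, so it must run while we are still root;
     * called after setuid() to a non-zero uid it fails with EPERM. The guard
     * is this example's assumption: an unprivileged caller cannot change its
     * supplementary groups at all, so the call is only attempted as root. */
    if (geteuid() == 0 && setgroups(0, NULL) != 0)
        return -1;

    /* As root, setgid() sets real, effective and saved gid together. */
    if (setgid(gid) != 0)
        return -1;

    /* As root, setuid() sets real, effective and saved uid together; after
     * this no call that needs root can succeed. */
    if (setuid(uid) != 0)
        return -1;

    return 0;
}

/* Verify the drop held: every id matches the target and, for a non-root
 * target, root cannot be regained (setuid(0) must fail with EPERM). */
int privileges_dropped(uid_t uid, gid_t gid)
{
    if (getuid() != uid || geteuid() != uid)
        return 0;
    if (getgid() != gid || getegid() != gid)
        return 0;
    if (uid != 0) {
        if (setuid(0) == 0)    /* saved uid was still 0: not really dropped */
            return 0;
        if (errno != EPERM)
            return 0;
    }
    return 1;
}

/* Drop to an unprivileged target and confirm. Target 65534 ("nobody" on
 * Ubuntu) is an assumption for the root case; when not started as root we
 * simply re-assert our own ids. Returns 1 if the drop held, 0 otherwise. */
int drop_and_verify(void)
{
    uid_t uid = geteuid() == 0 ? (uid_t)65534 : getuid();
    gid_t gid = geteuid() == 0 ? (gid_t)65534 : getgid();

    if (drop_privileges(uid, gid) != 0) {
        perror("drop_privileges");
        return 0;
    }
    return privileges_dropped(uid, gid);
}

int main(void)
{
    return drop_and_verify() ? 0 : 1;
}
```

Run it once as root and once as an ordinary user: as root it lands on uid/gid 65534 and the setuid(0) probe is refused; as a normal user setgroups() is skipped and the remaining calls succeed only because they target the caller's own ids, which is the unprivileged case the thread ran into when the module was exercised outside a root login.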
On Thu, 2012-08-30 at 20:54 +, Jamie Strandboge wrote:
> Did this not fail because you added setgroups() after you already called
> setuid()?
I tried it both ways, both before and after, and setgroups() failed both
times. I tried putting it before the setuid() as well figuring that
perhaps dr
Did this not fail because you added setgroups() after you already called
setuid()?
On Thu, 2012-08-30 at 17:46 +, Tyler Hicks wrote:
> > > * The handling of session_pid doesn't look right to me. Do we really
> > >   want to blindly kill a PID that we stored in a global variable at
> > >   some point in the past? I think there are probably PID wrap around
> > >   issu
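An added example, not the project's code, of one way to handle the PID reuse problem raised in the quoted bullet: record the child's start time from /proc/<pid>/stat next to its pid, and refuse to signal if the two no longer match. The struct, the function names and the dependence on Linux /proc are this example's assumptions.

```c
#include <signal.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>

/* Read the kernel's start time for a pid (field 22 of /proc/<pid>/stat,
 * in clock ticks since boot). Returns 0 if the pid does not exist or the
 * file cannot be parsed. A reused pid carries a different start time. */
unsigned long long proc_start_time(pid_t pid)
{
    char path[64], line[1024];
    FILE *f;
    char *p;
    int i;

    snprintf(path, sizeof path, "/proc/%ld/stat", (long)pid);
    f = fopen(path, "r");
    if (f == NULL)
        return 0;
    if (fgets(line, sizeof line, f) == NULL) {
        fclose(f);
        return 0;
    }
    fclose(f);

    /* comm (field 2) sits in parentheses and may itself contain spaces or
     * parentheses, so skip to the LAST ')' before splitting on spaces. */
    p = strrchr(line, ')');
    if (p == NULL)
        return 0;
    p++;                               /* at the space before field 3 */
    /* After each iteration p is at the space before field i+1, so after
     * i == 21 it points just before field 22, the start time. */
    for (i = 3; i < 22; i++) {
        p = strchr(p + 1, ' ');
        if (p == NULL)
            return 0;
    }
    return strtoull(p + 1, NULL, 10);
}

/* What is safe to keep in a global: the pid plus the start time observed
 * when the session child was spawned. */
struct session_ref {
    pid_t pid;
    unsigned long long start_time;
};

/* Send sig only if the pid still refers to the process we recorded.
 * Returns 0 on delivery, -1 if the pid is unset, reused or gone (nothing
 * is signalled in that case). */
int kill_session(const struct session_ref *ref, int sig)
{
    if (ref->pid <= 0)
        return -1;                     /* kill(0,..)/kill(-1,..) hit groups */
    if (proc_start_time(ref->pid) != ref->start_time)
        return -1;
    /* A small window remains between the check and kill(); Linux 5.3+
     * closes it with pidfd_open()/pidfd_send_signal(), not used here so the
     * example also runs on older kernels. */
    return kill(ref->pid, sig);
}

/* Demonstration on our own pid with signal 0 (nothing is delivered): the
 * correct reference is accepted, a stale one is rejected. Returns 1 if
 * both behave as expected, 0 otherwise (including when /proc is absent). */
int kill_session_self_test(void)
{
    struct session_ref good = { getpid(), proc_start_time(getpid()) };
    struct session_ref stale = { getpid(), good.start_time + 1 };

    if (good.start_time == 0)
        return 0;
    return kill_session(&good, 0) == 0 && kill_session(&stale, 0) == -1;
}

int main(void)
{
    return kill_session_self_test() ? 0 : 1;
}
```

The `ref->pid <= 0` guard matters as much as the start-time check: a global that was never set or was reset to 0 turns a "kill the session" into a kill of the caller's whole process group.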
** Branch linked: lp:~ted/libpam-freerdp/security-concerns
On 2012-08-30 14:09:21, Ted Gould wrote:
> On Thu, 2012-08-30 at 07:19 +, Tyler Hicks wrote:
> > * Memory containing a copy of PAM_AUTHTOK should be memset() with 0's
> >   prior to munlock()/free().
>
> Just to be clear, the only case I can find of this is the prompt value,
> is that t
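An added example (not the module's code) of the point in Tyler's bullet: a private copy of PAM_AUTHTOK that is zeroed before munlock()/free(). It adds the caveat the bullet does not spell out: a plain memset() immediately before free() is a dead store the compiler may drop, so the wipe is routed through a volatile function pointer. The struct, the function names and the sample token are this example's own.

```c
#include <stdlib.h>
#include <string.h>
#include <sys/mman.h>

/* memset() right before free()/munlock() is a dead store as far as the
 * optimiser is concerned and can be removed; calling it through a volatile
 * function pointer prevents that. (glibc >= 2.25 also offers
 * explicit_bzero() for the same purpose.) */
static void *(*const volatile secure_memset)(void *, int, size_t) = memset;

void secure_wipe(void *buf, size_t len)
{
    secure_memset(buf, 0, len);
}

/* A private copy of the authtok: heap buffer, pinned with mlock() so it
 * does not reach swap. An mlock() failure (e.g. RLIMIT_MEMLOCK) is recorded
 * rather than fatal, so the release path knows whether to munlock(). */
struct authtok_copy {
    char  *buf;
    size_t len;     /* bytes including the terminating NUL */
    int    locked;
};

int authtok_copy_init(struct authtok_copy *c, const char *tok)
{
    c->len = strlen(tok) + 1;
    c->buf = malloc(c->len);
    if (c->buf == NULL)
        return -1;
    c->locked = (mlock(c->buf, c->len) == 0);
    memcpy(c->buf, tok, c->len);
    return 0;
}

/* Release in the order the review asks for: zero the secret while the
 * pages are still ours, then munlock(), then free(). */
void authtok_copy_release(struct authtok_copy *c)
{
    if (c->buf == NULL)
        return;
    secure_wipe(c->buf, c->len);
    if (c->locked)
        munlock(c->buf, c->len);
    free(c->buf);
    c->buf = NULL;
    c->len = 0;
    c->locked = 0;
}

/* Self-check: after secure_wipe() no byte of the buffer is non-zero. The
 * inspection happens before free(), since reading freed memory is
 * undefined. Returns 1 on success. */
int secure_wipe_self_test(void)
{
    static const char secret[] = "hunter2";  /* constructed sample token */
    struct authtok_copy c;
    size_t i;

    if (authtok_copy_init(&c, secret) != 0)
        return 0;
    if (strcmp(c.buf, secret) != 0)
        return 0;
    secure_wipe(c.buf, c.len);
    for (i = 0; i < c.len; i++)
        if (c.buf[i] != 0)
            return 0;
    authtok_copy_release(&c);        /* wipes again, then munlock/free */
    return c.buf == NULL;
}

int main(void)
{
    return secure_wipe_self_test() ? 0 : 1;
}
```

Whether the copy lives in a prompt buffer or elsewhere, the same release routine applies: every buffer that ever held the token goes through secure_wipe() before it is unlocked or returned to the allocator.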
On Thu, 2012-08-30 at 07:19 +, Tyler Hicks wrote:
> * A named socket is created as root, inside of user home directories. There
>   are quite a few things that can go wrong when a privileged process is doing
>   things inside of a user-controlled directory.
>
>   For example, there is
I've completed my initial security review of the project. Of course, there is
no CVE history due to the project being new. The project consists of a fairly
simple PAM module and a helper application that uses the libfreerdp API to
authenticate to a remote RDP server.
I've given libpam-freerdp code
Just uploaded 0.3.0 which should fix a few issues.
** Changed in: libpam-freerdp (Ubuntu)
Assignee: Jamie Strandboge (jdstrand) => Tyler Hicks (tyhicks)
OK, seems fine besides a security pass.
** Changed in: libpam-freerdp (Ubuntu)
Status: Incomplete => New
** Changed in: libpam-freerdp (Ubuntu)
Assignee: Ted Gould (ted) => Jamie Strandboge (jdstrand)
(after having uploaded 0.2.0 that is)
On Tue, 2012-08-21 at 21:56 +, Michael Terry wrote:
> Also, what's the story with unit tests?
Really, it's looking like they'll have to be manual because PAM is so
hard coded to be "unbreakable". Basically you'll have to be root to be
able to install a PAM session that we can then use for tes
Also, what's the story with unit tests?
Blockers:
* Has several TODO items which are important (like using stdin instead of
command line)
* open_session doesn't do anything.
Nits:
* Should have a bug subscriber
Notes:
* Small, simple package
* Builds fine
* New package
* All dependencies in main
* Canonical will maintain
This will al