[Logcheck-devel] Bug#193161: marked as done (logcheck: Dangerous usage of /var/tmp ?)

Debian Bug Tracking System owner at bugs.debian.org
Sat Aug 14 03:33:04 UTC 2004


Your message dated Fri, 13 Aug 2004 23:17:03 -0400
with message-id <E1Bvp2V-0002Hp-00 at newraff.debian.org>
and subject line Bug#193161: fixed in logcheck 1.2.25
has caused the attached Bug report to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere.  Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)

--------------------------------------
Received: (at submit) by bugs.debian.org; 13 May 2003 10:17:37 +0000
>From chris at ethlife-a.ethz.ch Tue May 13 05:17:36 2003
Return-path: <chris at ethlife-a.ethz.ch>
Received: from ethlife-a.ethz.ch [129.132.202.7] 
	by master.debian.org with smtp (Exim 3.12 1 (Debian))
	id 19FWql-0006Qr-00; Tue, 13 May 2003 05:17:35 -0500
Received: (qmail 27229 invoked by uid 1000); 13 May 2003 10:17:33 -0000
Date: 13 May 2003 10:17:33 -0000
Message-ID: <20030513101733.27228.qmail at ethlife-a.ethz.ch>
From: christian.jaeger at ethlife.ethz.ch
Subject: logcheck: Dangerous usage of /var/tmp ?
To: submit at bugs.debian.org
X-Mailer: bug 3.3.10.1
Delivered-To: submit at bugs.debian.org
X-Spam-Status: No, hits=-5.0 required=4.0
	tests=BAYES_10,HAS_PACKAGE,NO_REAL_NAME
	version=2.53-bugs.debian.org_2003_05_09
X-Spam-Level: 
X-Spam-Checker-Version: SpamAssassin 2.53-bugs.debian.org_2003_05_09 (1.174.2.15-2003-03-30-exp)

Package: logcheck
Version: 1.1.1-13.1
Severity: critical

I'm marking this critical since it could be a security problem.
I don't have time right now to check the implications out. If it
isn't a security problem, it's still a bug, though only a normal one.

logcheck installs a directory
/var/tmp/logcheck
for later usage. If one removes this directory, logcheck won't work
anymore.

dpkg -L lists this directory as part of the archive, which means
it will be unpacked during install time.

The problem is that one may not count on any particular path being
free for one's own usage inside world-writable directories.

Christian.


-- System Information
Debian Release: 3.0
Kernel Version: Linux ethlife-a 2.4.20 #13 SMP Mon Mai 12 05:32:48 MEST 2003 i686 unknown

Versions of the packages logcheck depends on:
ii  cron                3.0pl1-72           management of regular background processing
ii  debconf             1.0.22              Debian configuration management system
ii  logcheck-database   1.1.1-13.1          A database of system log rules for the use of log chec
ii  logtail             1.1.1-13.1          Returns parts of logfiles that have not already been r
ii  mailx               8.1.2-0.20010922cvs A simple mail user agent.
ii  sysklogd            1.4.1-10            System Logging Daemon
exim	Not installed or no info
ii  qmail               1.03-23             Secure, reliable, efficient, simple mail transport sys
	^^^ (Provides virtual package mail-transport-agent)
ii  sysklogd            1.4.1-10            System Logging Daemon
	^^^ (Provides virtual package system-log-daemon)

--- Begin /etc/logcheck/logcheck.logfiles (modified conffile)
/var/log/syslog
/var/log/mail.log
/var/log/daemon.log
/var/log/messages
/var/log/lpr.log
/var/log/auth.log
/var/log/debug
/var/log/mail.err
/var/log/mail.info
/var/log/kern.log
/var/log/mail.warn
/var/log/uucp.log
/var/log/user.log

--- End /etc/logcheck/logcheck.logfiles

--- Begin /etc/logcheck/logcheck.conf (modified conffile)
DATE=`date +'%Y/%m/%d %H:%M'`
SENDMAILTO=root

--- End /etc/logcheck/logcheck.conf

--- Begin /etc/cron.d/logcheck (modified conffile)
@reboot		root	test -x /usr/sbin/logcheck && nice -n10 /usr/sbin/logcheck
2 * * * *	root	test -x /usr/sbin/logcheck && nice -n10 /usr/sbin/logcheck

--- End /etc/cron.d/logcheck
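
The concern raised in the report above, a fixed path under a world-writable directory, seen from the defensive side. This is an added example, not logcheck's code and not the fix shipped in 1.2.25; the function names are hypothetical. A script either creates a fresh private directory with `mktemp -d`, or verifies a pre-existing directory before writing into it.

```shell
#!/bin/sh
# Added example (not logcheck code). Function names are hypothetical.

# dir_is_safe DIR [UID]
# Succeeds only if DIR is a real directory (not a symlink), owned by UID
# (default: the current user), and not writable by group or others.
dir_is_safe() {
    dir=$1
    owner=${2:-$(id -u)}
    # A symlink planted by another user would redirect every write.
    [ -L "$dir" ] && return 1
    # find -prune tests only DIR itself; empty output means a test failed.
    [ -n "$(find "$dir" -prune -type d -user "$owner" \
            ! -perm -020 ! -perm -002 2>/dev/null)" ]
}

# private_workdir PREFIX
# Creates a fresh directory with an unpredictable name and mode 0700 and
# prints its path. mktemp -d fails rather than reuse an existing name.
private_workdir() {
    base=${TMPDIR:-/tmp}
    d=$(mktemp -d "$base/$1.XXXXXX") || return 1
    chmod 700 "$d"
    printf '%s\n' "$d"
}

# use_state_dir DIR
# Accepts a fixed, pre-existing path only after it passes dir_is_safe;
# otherwise refuses instead of writing into it.
use_state_dir() {
    if dir_is_safe "$1"; then
        printf '%s\n' "$1"
    else
        echo "refusing to use $1: not a private directory we own" >&2
        return 1
    fi
}
```

The same `dir_is_safe` check can be run by an administrator against any directory a package ships below `/tmp` or `/var/tmp`.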

---------------------------------------
Received: (at 193161-close) by bugs.debian.org; 14 Aug 2004 03:23:14 +0000
>From katie at ftp-master.debian.org Fri Aug 13 20:23:14 2004
Return-path: <katie at ftp-master.debian.org>
Received: from newraff.debian.org [208.185.25.31] (mail)
	by spohr.debian.org with esmtp (Exim 3.35 1 (Debian))
	id 1Bvp8U-0007lP-00; Fri, 13 Aug 2004 20:23:14 -0700
Received: from katie by newraff.debian.org with local (Exim 3.35 1 (Debian))
	id 1Bvp2V-0002Hp-00; Fri, 13 Aug 2004 23:17:03 -0400
From: Todd Troxell <ttroxell at debian.org>
To: 193161-close at bugs.debian.org
X-Katie: $Revision: 1.51 $
Subject: Bug#193161: fixed in logcheck 1.2.25
Message-Id: <E1Bvp2V-0002Hp-00 at newraff.debian.org>
Sender: Archive Administrator <katie at ftp-master.debian.org>
Date: Fri, 13 Aug 2004 23:17:03 -0400
Delivered-To: 193161-close at bugs.debian.org
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2004_03_25 
	(1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Status: No, hits=-6.0 required=4.0 tests=BAYES_00,HAS_BUG_NUMBER 
	autolearn=no version=2.60-bugs.debian.org_2004_03_25
X-Spam-Level: 

Source: logcheck
Source-Version: 1.2.25

We believe that the bug you reported is fixed in the latest version of
logcheck, which is due to be installed in the Debian FTP archive:

logcheck-database_1.2.25_all.deb
  to pool/main/l/logcheck/logcheck-database_1.2.25_all.deb
logcheck_1.2.25.dsc
  to pool/main/l/logcheck/logcheck_1.2.25.dsc
logcheck_1.2.25.tar.gz
  to pool/main/l/logcheck/logcheck_1.2.25.tar.gz
logcheck_1.2.25_all.deb
  to pool/main/l/logcheck/logcheck_1.2.25_all.deb
logtail_1.2.25_all.deb
  to pool/main/l/logcheck/logtail_1.2.25_all.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 193161 at bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Todd Troxell <ttroxell at debian.org> (supplier of updated logcheck package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster at debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Friday, 13 Aug 2004 22:54:13 -0500
Source: logcheck
Binary: logcheck logtail logcheck-database
Architecture: source all
Version: 1.2.25
Distribution: unstable
Urgency: low
Maintainer: Debian logcheck Team <logcheck-devel at lists.alioth.debian.org>
Changed-By: Todd Troxell <ttroxell at debian.org>
Description: 
 logcheck   - Mails anomalies in the system logfiles to the administrator
 logcheck-database - A database of system log rules for the use of log checkers
 logtail    - Print log file lines that have not been read
Closes: 193161 255932 259603 262327 264158 265176 265588
Changes: 
 logcheck (1.2.25) unstable; urgency=low
 .
   todd:
   * Small rule updates for dhclient, ntp, bind, kernel, bonobo, qmail,
     proftpd, ntpd, gconf, dovecot, su, samba, postfix (Closes: #259603, #264158)
   * Add line to logcheck.postinst to remove header.txt on purge
   * Add check to exit if running script as root.
   eevans:
   * Added violations.ignore.d/logcheck-spamd rule, (Closes: #262327)
   maks:
   * Re-format NEWS.Debian into Debian changelog format (Closes: #255932)
   * Remove /var/state/logcheck from debian/logcheck.dirs.
   * Small rule updates for pdns, pop3d-ssl, postfix, scponly.
   * Ack woody security fix. (Closes: #193161)
   * Small rule updates for dhcpd, kernel, nagios, postfix, rsnapshot
     thanks to Peter Palfrader <weasel at debian.org>.
   * Add gps policy server rules. (Closes: #265176)
   * Fix port match in oidentd rules. (Closes: #265588)
Files: 
 03047f6b2624f3767b8f0fa6f158865f 670 admin optional logcheck_1.2.25.dsc
 6bbafe7f10b1fadcf159024d07ba94f0 79916 admin optional logcheck_1.2.25.tar.gz
 2d8391aea6d41426fe144d493bd4bb4b 38584 admin optional logcheck_1.2.25_all.deb
 8f8a2663fc61fab076b900164a6be8ea 47118 admin optional logcheck-database_1.2.25_all.deb
 e2b3c988fb0ff5b5e3f71ee36fbf4af1 22654 admin optional logtail_1.2.25_all.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQFBHX+h4u3oQ3FHP2YRAsPlAJwJ4U7YUiIt/IJnG0P05HqMXr70yQCdE2JD
7F4nsnZW3wofwJVsp3qRfGs=
=XcZt
-----END PGP SIGNATURE-----




