[Bug 588325] New: AUDIT-0: lockdev
http://bugzilla.novell.com/show_bug.cgi?id=588325
http://bugzilla.novell.com/show_bug.cgi?id=588325#c0

Summary: AUDIT-0: lockdev
Classification: openSUSE
Product: openSUSE 11.3
Version: Factory
Platform: Other
OS/Version: Other
Status: NEW
Severity: Normal
Priority: P5 - None
Component: Basesystem
AssignedTo: security-team@suse.de
ReportedBy: lnussel@novell.com
QAContact: qa@suse.de
Found By: ---
Blocker: ---

lockdev is used to create lock files in /var/lock on behalf of users. To avoid having /var/lock world writeable the /usr/sbin/lockdev helper is setgid 'lock' and /var/lock writable only by group 'lock'.

The lockdev package is currently staged for Factory in Base:System.

Upstream git repo is here:
git://git.debian.org/git/lockdev/lockdev

--
Configure bugmail: http://bugzilla.novell.com/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.
http://bugzilla.novell.com/show_bug.cgi?id=588325#c1

--- Comment #1 from Sebastian Krahmer <krahmer@novell.com> 2010-04-07 09:56:04 UTC ---

Use this patch at least, fixing buffer overflow:

--- lockdev-1.0.3_git201003141408/src/lockdev.c 2010-03-14 15:08:35.000000000 +0100 +++ lockdev-1.0.3_git201003141408.new/src/lockdev.c 2010-04-07 10:56:42.000000000 +0200 @@ -497,7 +497,7 @@ } if ( strcmp( p, "tty") == 0 ) p = ttyname( 0); /* this terminal, if it exists */ - if (((l = strlen(p)) == 0) || (l > (MAXPATHLEN - strlen(LOCK_PATH)))) + if (((l = strlen(p)) == 0) || (l >= (MAXPATHLEN - strlen(LOCK_PATH)) - strlen("/LCK..."))) return NULL; if ((m = malloc(++l)) == NULL) return NULL;
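Review bot: ttyname( 0) in the context line just above the changed test can return NULL when stdin is not a terminal (the comment itself says "if it exists"), and the changed line passes p straight to strlen(p), so the new bound is never reached in that case; add a NULL check on p before the length test and return NULL there. The bound also depends on the bare literal "/LCK..." with no comment on why that string, and that number of characters, must be reserved; a named constant or a short comment tying it to the lock file name prefix would make the limit checkable. The subtraction is done on strlen() results, which are unsigned, so it is worth stating in a comment that LOCK_PATH plus the prefix is always shorter than MAXPATHLEN.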
http://bugzilla.novell.com/show_bug.cgi?id=588325#c2

Ludwig Nussel <lnussel@novell.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |RESOLVED
         Resolution|                            |FIXED

--- Comment #2 from Ludwig Nussel <lnussel@novell.com> 2010-04-26 10:02:48 CEST ---

applied and submitted
https://bugzilla.novell.com/show_bug.cgi?id=588325#c3

--- Comment #3 from Bernhard Wiedemann <bwiedemann@suse.com> 2011-10-31 22:02:43 CET ---

This is an autogenerated message for OBS integration:
This bug (588325) was mentioned in
https://build.opensuse.org/request/show/89843 Tumbleweed / permissions
http://bugzilla.novell.com/show_bug.cgi?id=588325#c4

--- Comment #4 from Bernhard Wiedemann <bwiedemann@suse.com> ---

This is an autogenerated message for OBS integration:
This bug (588325) was mentioned in
https://build.opensuse.org/request/show/38578 Factory / lockdev
https://build.opensuse.org/request/show/38579 Factory / permissions