Hello community, here is the log from the commit of package supportutils checked in at Sat Oct 25 11:12:10 CEST 2008. -------- --- supportutils/supportutils.changes 2008-10-24 02:38:05.000000000 +0200 +++ /mounts/work_src_done/STABLE/supportutils/supportutils.changes 2008-10-24 21:31:44.900676000 +0200 @@ -1,0 +2,5 @@ +Fri Oct 24 13:01:39 MDT 2008 - jrecord@novell.com + +-modified plugin directory security (bnc#438338) + +------------------------------------------------------------------- calling whatdependson for head-i586 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ supportutils.spec ++++++ --- /var/tmp/diff_new_pack.Lz1712/_old 2008-10-25 11:11:55.000000000 +0200 +++ /var/tmp/diff_new_pack.Lz1712/_new 2008-10-25 11:11:55.000000000 +0200 @@ -25,7 +25,7 @@ Group: System/Management AutoReqProv: on Version: 1.01 -Release: 14 +Release: 15 Source: %{name}-%{version}.tar.gz Summary: Support Troubleshooting Tools BuildRoot: %{_tmppath}/%{name}-%{version}-build @@ -85,6 +85,8 @@ rm -rf $RPM_BUILD_ROOT %changelog +* Fri Oct 24 2008 jrecord@novell.com +-modified plugin directory security (bnc#438338) * Thu Oct 23 2008 jrecord@novell.com -fixed plugin directory security (bnc#438338) -fixed conf_file reference (bnc#438317) ++++++ supportutils-1.01.tar.gz ++++++ diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/supportutils-1.01/supportconfig new/supportutils-1.01/supportconfig --- old/supportutils-1.01/supportconfig 2008-10-24 02:33:30.000000000 +0200 +++ new/supportutils-1.01/supportconfig 2008-10-24 21:19:37.000000000 +0200 @@ -1,7 +1,7 @@ #!/bin/bash -SVER=2.25-50 -SDATE="2008 10 23" +SVER=2.25-51 +SDATE="2008 10 24" ############################################################################## # supportconfig - Gathers system troubleshooting information for NTS. @@ -2861,16 +2861,39 @@ bad_plugin_dir() { if [ -d $XPLUGIN_DIR ]; then XPLUGIN_DIR_OWNER=$(stat -c %u $XPLUGIN_DIR) - XPLUGIN_DIR_MODE=$(stat -c %f $XPLUGIN_DIR) - if [ "$XPLUGIN_DIR_MODE" != "41c0" -a "$XPLUGIN_DIR_MODE" != "4140" -o $XPLUGIN_DIR_OWNER -ne 0 ]; then - # return a bad plugin directory - return 0 + XPLUGIN_DIR_GRP=$(stat -c %g $XPLUGIN_DIR) + XPLUGIN_DIR_MODE=$(stat -c %a $XPLUGIN_DIR) + + test $XPLUGIN_DIR_OWNER -eq 0 && OWNER_DENIED=0 || OWNER_DENIED=1 + case $XPLUGIN_DIR_GRP in + 0) GROUP_DENIED=0 ;; + *) if [ ${#XPLUGIN_DIR_MODE} -eq 3 ]; then + case ${XPLUGIN_DIR_MODE:1:1} in + 0|1|4|5) GROUP_DENIED=0 ;; + *) GROUP_DENIED=1 ;; + esac + else + # Don't allow suid, guid, or sticky bits to be set + GROUP_DENIED=1 + fi + esac + if [ ${#XPLUGIN_DIR_MODE} -eq 3 ]; then + case ${XPLUGIN_DIR_MODE:2:1} in + 0|1|4|5) OTHER_DENIED=0 ;; + *) OTHER_DENIED=1 ;; + esac else - # return a good plugin directory - return 1 + # Don't allow suid, guid, or sticky bits to be set + OTHER_DENIED=1 fi + + BAD_DIR=0 + test $OWNER_DENIED -gt 0 && ((BAD_DIR++)) + test $GROUP_DENIED -gt 0 && ((BAD_DIR++)) + test $OTHER_DENIED -gt 0 && ((BAD_DIR++)) + test $BAD_DIR -gt 0 && return 0 || return 1 else - # return a good plugin directory + # good plugin directory return 1 fi } @@ -3282,9 +3305,11 @@ if bad_plugin_dir; then echolog " WARNING: Invalid plugin directory, all plugins will be skipped." echo " See $CSFILE for details." - log_write ${CSFILE} " Plugin Directory: $XPLUGIN_DIR" - log_write ${CSFILE} " Valid Owner (Current): 0 ($XPLUGIN_DIR_OWNER), Try chown root $XPLUGIN_DIR" - log_write ${CSFILE} " Valid Modes (Current): 41c0,4140 ($XPLUGIN_DIR_MODE), Try chmod 0700 $XPLUGIN_DIR" + log_write ${CSFILE} " Plugin Directory: $XPLUGIN_DIR" + log_write ${CSFILE} " Owner.Group: ${XPLUGIN_DIR_OWNER}.${XPLUGIN_DIR_GRP}" + log_write ${CSFILE} " Access Rights: $XPLUGIN_DIR_MODE" + log_write ${CSFILE} " The plugin directory should be writable only for root and group root." + log_write ${CSFILE} " Currently SUID, SGID and sticky bits are not allowed." fi log_write ${CSFILE} " Environment Value: $SLES_VER ($KERNVER)" log_write ${CSFILE} " Command with Args: $0 $ALL_ARGS" diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/supportutils-1.01/supportconfig.conf.5 new/supportutils-1.01/supportconfig.conf.5 --- old/supportutils-1.01/supportconfig.conf.5 2008-10-24 02:33:30.000000000 +0200 +++ new/supportutils-1.01/supportconfig.conf.5 2008-10-24 21:19:37.000000000 +0200 @@ -1,4 +1,4 @@ -.TH supportconfig.conf "5" "17 Oct 2008" "supportconfig.conf" "Support Utilities Manual" +.TH supportconfig.conf "5" "23 Oct 2008" "supportconfig.conf" "Support Utilities Manual" .SH NAME supportconfig.conf \- .BR supportconfig (1) @@ -175,7 +175,7 @@ Minimizes the amount of disk information and detailed scanning. \fB\-d\fR (0) .TP ADD_OPTION_MINYAST -Normally all of the /var/log/YaST2/y2log logs are included. This option minimizes the amount of each file retrieved. (0) +Normally the entire file for every /var/log/YaST2/* file is included. This option restricts the sizeof each file to VAR_OPTION_LINE_COUNT lines. \fB\-y\fR (0) .TP ADD_OPTION_RPMV Runs an rpm -V on every installed RPM package. This takes some time to complete. \fB\-v\fR, \fBrpm-verify.txt\fR (0) diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/supportutils-1.01/supportutils.changes new/supportutils-1.01/supportutils.changes --- old/supportutils-1.01/supportutils.changes 2008-10-24 02:33:30.000000000 +0200 +++ new/supportutils-1.01/supportutils.changes 2008-10-24 21:19:37.000000000 +0200 @@ -1,4 +1,9 @@ ------------------------------------------------------------------- +Fri Oct 24 13:01:39 MDT 2008 - jrecord@novell.com + +-modified plugin directory security (bnc#438338) + +------------------------------------------------------------------- Thu Oct 23 16:54:35 MDT 2008 - jrecord@novell.com -fixed plugin directory security (bnc#438338) diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/supportutils-1.01/supportutils.spec new/supportutils-1.01/supportutils.spec --- old/supportutils-1.01/supportutils.spec 2008-10-24 02:33:30.000000000 +0200 +++ new/supportutils-1.01/supportutils.spec 2008-10-24 21:19:37.000000000 +0200 @@ -18,7 +18,7 @@ Group: System/Management Autoreqprov: on Version: 1.01 -Release: 20 +Release: 20.1 Source: %{name}-%{version}.tar.gz Summary: Support Troubleshooting Tools BuildRoot: %{_tmppath}/%{name}-%{version}-build ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Remember to have fun... -- To unsubscribe, e-mail: opensuse-commit+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-commit+help@opensuse.org
participants (1)
-
root@Hilbert.suse.de