Debian bug report logs -
#1766, boring messages
Message sent to debian-devel@pixar.com:
Subject: Bug#1766: Bug in script checksecurity in package cron
Reply-To: srivasta@pilgrim.umass.edu (Manoj Srivastava), debian-bugs@pixar.com
Resent-From: srivasta@pilgrim.umass.edu (Manoj Srivastava)
Orignal-Sender: srivasta@pilgrim.umass.edu
Resent-To: debian-devel@pixar.com
Resent-Date: Thu, 26 Oct 1995 01:33:02 GMT
Resent-Message-ID: <debian-bugs-handler.1766.B10260128230@pixar.com>
Resent-Sender: iwj10@cus.cam.ac.uk
X-Debian-PR-Package: cron
X-Debian-PR-Keywords:
Received: via spool for debian-bugs; Thu, 26 Oct 1995 01:33:02 GMT
Received: with rfc822 via encapsulated-mail; Thu, 26 Oct 1995 01:28:21 GMT
Received: from pixar.com by mongo.pixar.com with smtp
(Smail3.1.28.1 #15) id m0t8H6E-0006noC; Wed, 25 Oct 95 18:27 PDT
Received: from plymouth.pilgrim.umass.edu by pixar.com with SMTP id AA14357
(5.67b/IDA-1.5 for debian-bugs-pipe@mongo.pixar.com); Wed, 25 Oct 1995 18:26:49 -0700
Received: (from srivasta@localhost) by plymouth.pilgrim.umass.edu (8.6.12/8.6.12) id VAA25207; Wed, 25 Oct 1995 21:27:11 -0400
Sender: srivasta@pilgrim.umass.edu
To: debian-bugs@Pixar.com
X-Geek-3: GE/CS d+(--) s:++>: a C++++$ ULUHO++++$ P+++$ L+++ E+++
W+++$ N+++ K-? !w--- O-? !M-- !V-- PS+ PE- Y+ PGP++ t@ 5++ !X R++
b+++ DI+++ D- G e+++ h+ r++ y+
X-Organization: University of Massachusetts, Amherst, MA 01003
X-Time: Wed Oct 25 21:26:53 1995
Mailer: Vm 5.95 (beta) for GNU Emacs 19.14 XEmacs Lucid (beta5)
From: srivasta@pilgrim.umass.edu (Manoj Srivastava)
Date: 25 Oct 1995 21:26:52 -0400
Message-Id: <gvx68hd6nmr.fsf@plymouth.pilgrim.umass.edu>
Organization: Project Pilgrim, University of Massachusetts at Amherst
Lines: 56
X-Mailer: September Gnus v0.11
Package: cron
Version: 3.0pl1
Revision: 20
I have a problem with the script checksecurity, which
apparently come with cron. The problem is with the lines that
generate the /var/log/setuid.today file (patch follows).
Explanation: The mount | grep -v command is the problem for
anyone who has more than one partitions mounted; the script actually
tries to run find with multiple starting points (which is an error),
like find dir1 dir2 dir3 -xdev ... The solution is to look at all
the directories discovered by the mount snippet and examine each in a
for loop. (This has been one of my more incoherent explanations; feel
free to mail me for clarifications).
Also, I think one should exclude all mounted systems of type
msdos (If nothing else, it save time).
manoj
__> dpkg -S checksecurity
cron: /usr/sbin/checksecurity
> diff -u -B -b -w /usr/sbin/checksecurity.dist /usr/sbin/checksecurity
--- /usr/sbin/checksecurity.dist Wed Sep 20 20:52:12 1995
+++ /usr/sbin/checksecurity Thu Oct 19 11:05:23 1995
@@ -10,10 +10,9 @@
umask 077
cd /
-
-find `mount | grep -vE ' type (proc|iso9660) |^/dev/fd| on /mnt' | cut -d ' ' -f 3` \
- -xdev \( -type f -perm +06000 -o -type b -o -type c \) -ls \
- | sort >$TMP
+for dir in `mount | grep -vE ' type (proc|iso9660|msdos) |^/dev/fd| on /mnt' | cut -d ' ' -f 3`; do
+ /usr/bin/find $dir -xdev \( -type f -perm +06000 -o -type b -o -type c \) -ls ;
+done | sort >$TMP
if ! cmp -s $LOG/setuid.today $TMP >/dev/null
then
-- ...difference of opinion is advantageious in religion. The several
sects perform the office of a common censor morum over each other.
Is uniformity attainable? Millions of innocent men, women, and
children, since the introduction of Christianity, have been burnt,
tortured, fined, imprisoned; yet we have not advanced one inch
towards uniformity. Thomas Jefferson, "Notes on Virginia"
Manoj Srivastava Project Pilgrim, Department of Computer Science
Phone: (413) 545-3918 A143B Lederle Graduate Research Center
Fax: (413) 545-1249 University of Massachusetts, Amherst, MA 01003
email:srivasta@pilgrim.umass.edu http://www.pilgrim.umass.edu/~srivasta/
Message sent:
From: iwj10@thor.cam.ac.uk (Ian Jackson)
To: srivasta@pilgrim.umass.edu (Manoj Srivastava)
Subject: Bug#1766: Acknowledgement (was: Bug in script checksecurity in package cron)
In-Reply-To: <gvx68hd6nmr.fsf@plymouth.pilgrim.umass.edu>
References: <gvx68hd6nmr.fsf@plymouth.pilgrim.umass.edu>
Thank you for the problem report you have sent regarding Debian GNU/Linux.
This is an automatically generated reply, to let you know your message has
been received. It is being forwarded to the developers' mailing list for
their attention; they will reply in due course.
If you wish to submit further information on your problem, please send
it to debian-bugs@pixar.com, but please ensure that the Subject
line of your message starts with "Bug#1766" or "Re: Bug#1766" so that
we can identify it as relating to the same problem.
Please do not reply to the address at the top of this message,
unless you wish to report a problem with the bug-tracking system.
Ian Jackson
(maintainer, debian-bugs)
Message sent to debian-devel@pixar.com:
Subject: Bug#1766: Bug in script checksecurity in package cron
Reply-To: Ian Jackson <ian@chiark.chu.cam.ac.uk>, debian-bugs@pixar.com
Resent-From: Ian Jackson <ian@chiark.chu.cam.ac.uk>
Resent-To: debian-devel@pixar.com
Resent-Date: Thu, 26 Oct 1995 13:33:01 GMT
Resent-Message-ID: <debian-bugs-handler.1766.B10261325480@pixar.com>
Resent-Sender: iwj10@cus.cam.ac.uk
X-Debian-PR-Package: cron
X-Debian-PR-Keywords:
Received: via spool for debian-bugs; Thu, 26 Oct 1995 13:33:01 GMT
Received: with rfc822 via encapsulated-mail; Thu, 26 Oct 1995 13:25:45 GMT
Received: from pixar.com by mongo.pixar.com with smtp
(Smail3.1.28.1 #15) id m0t8SHm-000C44C; Thu, 26 Oct 95 06:23 PDT
Received: from artemis.chu.cam.ac.uk by pixar.com with SMTP id AA22487
(5.67b/IDA-1.5 for debian-bugs-pipe@mongo.pixar.com); Thu, 26 Oct 1995 06:23:22 -0700
Received: from chiark.chu.cam.ac.uk by artemis.chu.cam.ac.uk with smtp
(Smail3.1.29.1 #33) id m0t8SEV-0007uRC; Thu, 26 Oct 95 13:20 GMT
Received: by chiark.chu.cam.ac.uk
id m0t8SEJ-0002baC
(Debian /\oo/\ Smail3.1.29.1 #29.33); Thu, 26 Oct 95 13:20 GMT
Message-Id: <m0t8SEJ-0002baC@chiark.chu.cam.ac.uk>
Date: Thu, 26 Oct 95 13:20 GMT
From: Ian Jackson <ian@chiark.chu.cam.ac.uk>
To: srivasta@pilgrim.umass.edu (Manoj Srivastava), debian-bugs@Pixar.com
Manoj Srivastava writes ("Bug#1766: Bug in script checksecurity in package cron"):
> Explanation: The mount | grep -v command is the problem for
> anyone who has more than one partitions mounted; the script actually
> tries to run find with multiple starting points (which is an error),
> like find dir1 dir2 dir3 -xdev ... The solution is to look at all
> the directories discovered by the mount snippet and examine each in a
> for loop. (This has been one of my more incoherent explanations; feel
> free to mail me for clarifications).
>From find(1):
SYNOPSIS
find [path...] [expression]
You are allowed to specify several paths. What makes you think you
aren't ?
> Also, I think one should exclude all mounted systems of type
> msdos (If nothing else, it save time).
That's probably a good idea. I'll implement it.
Ian.
Message sent:
From: iwj10@thor.cam.ac.uk (Ian Jackson)
To: Ian Jackson <ian@chiark.chu.cam.ac.uk>
Subject: Bug#1766: Info received (was Bug#1766: Bug in script checksecurity in package cron)
In-Reply-To: <m0t8SEJ-0002baC@chiark.chu.cam.ac.uk>
References: <m0t8SEJ-0002baC@chiark.chu.cam.ac.uk>
Thank you for the additional information you have supplied regarding
this problem report. It has been forwarded to the developers to
accompany the original report.
If you wish to continue to submit further information on your problem,
please do the same thing again: send it to debian-bugs@pixar.com, ensuring
that the Subject line starts with "Bug#1766" or "Re: Bug#1766" so that
we can identify it as relating to the same problem.
Please do not reply to the address at the top of this message,
unless you wish to report a problem with the bug-tracking system.
Ian Jackson
(maintainer, debian-bugs)
Message sent to debian-devel@pixar.com:
Subject: Bug#1766: Bug in script checksecurity in package cron
Reply-To: srivasta@pilgrim.umass.edu (Manoj Srivastava), debian-bugs@pixar.com
Resent-From: srivasta@pilgrim.umass.edu (Manoj Srivastava)
Orignal-Sender: srivasta@pilgrim.umass.edu
Resent-To: debian-devel@pixar.com
Resent-Date: Fri, 27 Oct 1995 06:33:02 GMT
Resent-Message-ID: <debian-bugs-handler.1766.B10270628020@pixar.com>
Resent-Sender: iwj10@cus.cam.ac.uk
X-Debian-PR-Package: cron
X-Debian-PR-Keywords:
Received: via spool for debian-bugs; Fri, 27 Oct 1995 06:33:02 GMT
Received: with rfc822 via encapsulated-mail; Fri, 27 Oct 1995 06:28:02 GMT
Received: from pixar.com by mongo.pixar.com with smtp
(Smail3.1.28.1 #15) id m0t8iFm-000BWxC; Thu, 26 Oct 95 23:26 PDT
Received: from plymouth.pilgrim.umass.edu by pixar.com with SMTP id AA28262
(5.67b/IDA-1.5 for debian-bugs-pipe@mongo.pixar.com); Thu, 26 Oct 1995 23:26:32 -0700
Received: (from srivasta@localhost) by plymouth.pilgrim.umass.edu (8.6.12/8.6.12) id CAA00947; Fri, 27 Oct 1995 02:26:52 -0400
Sender: srivasta@pilgrim.umass.edu
To: debian-bugs@Pixar.com
Cc: (Manoj Srivastava)
X-Geek-3: GE/CS d+(--) s:++>: a C++++$ ULUHO++++$ P+++$ L+++ E+++
W+++$ N+++ K-? !w--- O-? !M-- !V-- PS+ PE- Y+ PGP++ t@ 5++ !X R++
b+++ DI+++ D- G e+++ h+ r++ y+
X-Organization: University of Massachusetts, Amherst, MA 01003
X-Time: Fri Oct 27 02:26:33 1995
Mailer: Vm 5.95 (beta) for GNU Emacs 19.14 XEmacs Lucid (beta5)
References: <m0t8SEJ-0002baC@chiark.chu.cam.ac.uk>
From: srivasta@pilgrim.umass.edu (Manoj Srivastava)
Date: 27 Oct 1995 02:26:33 -0400
In-Reply-To: Ian Jackson's message of Thu, 26 Oct 95 13:20 GMT
Message-Id: <gvx3fcfsaqu.fsf@plymouth.pilgrim.umass.edu>
Organization: Project Pilgrim, University of Massachusetts at Amherst
Lines: 80
X-Mailer: September Gnus v0.11
Hi,
I'm sorry, I should have investigated further before firing
off that bug report about checksecurity. There is no problem with
multiple dir arguments to find (which is perfectly legal, as Ian
Jackson pointed out).
The problem was that there were no
/var/log/setuid.{today,yesterday} files on my system, and
checksecurity failed to create them, resulting in a mail message
every time the cron job was run. If such a file is created, maybe
there is no problem, so a generic setuid.today file should be
installed? (From the trace below, you can see that the diff fails if
there is no setuid.today file). Should I file a fresh bug report?
manoj
Here is what I did to check that:
<root@melkor:[~]> rm -f /var/log/setuid.today
<root@melkor:[~]> bash -x checksecurity.dist
+ set -e
+ PATH=/sbin:/bin:/usr/sbin:/usr/bin
+ LOG=/var/log
+ TMP=/tmp/_secure.21828
+ umask 077
+ cd /
++ mount
++ grep -vE type (proc|iso9660) |^/dev/fd| on /mnt
++ cut -d -f 3
+ find / /dos /usr /usr/local -xdev ( -type f -perm +06000 -o -type b
-o -type c ) -ls
+ sort
+ cmp -s /var/log/setuid.today /tmp/_secure.21828
++ hostname
+ echo melkor changes to setuid programs and devices:
melkor changes to setuid programs and devices:
+ diff /var/log/setuid.today /tmp/_secure.21828
diff: /var/log/setuid.today: No such file or directory
+ [ 2 = 1 ]
<root@melkor:[~]> cp /var/log/setuid.yesterday /var/log/setuid.today
<root@melkor:[~]> bash -x checksecurity.dist
+ set -e
+ PATH=/sbin:/bin:/usr/sbin:/usr/bin
+ LOG=/var/log
+ TMP=/tmp/_secure.21873
+ umask 077
+ cd /
++ mount
++ grep -vE type (proc|iso9660) |^/dev/fd| on /mnt
++ cut -d -f 3
+ find / /dos /usr /usr/local -xdev ( -type f -perm +06000 -o -type b
-o -type c ) -ls
+ sort
+ cmp -s /var/log/setuid.today /tmp/_secure.21873
++ hostname
+ echo melkor changes to setuid programs and devices:
melkor changes to setuid programs and devices:
+ diff /var/log/setuid.today /tmp/_secure.21873
5c5,6
< 2111 68 -rwsr-x--- 1 root dip 69632 Oct 22 21:27
/usr/sbin/dip
---
> 2098 68 -rwsr-x--- 1 root dip 69632 Oct 24 19:19
> /usr/sbin/dip
[much deleted here]
+ [ 1 = 1 ]
+ mv /var/log/setuid.today /var/log/setuid.yesterday
+ mv /tmp/_secure.21873 /var/log/setuid.today
+ rm -f /tmp/_secure.21873
-- To be sure of hitting the target, shoot first, and call whatever you
hit the target. Ashleigh Brilliant
Manoj Srivastava Project Pilgrim, Department of Computer Science
Phone: (413) 545-3918 A143B Lederle Graduate Research Center
Fax: (413) 545-1249 University of Massachusetts, Amherst, MA 01003
email:srivasta@pilgrim.umass.edu http://www.pilgrim.umass.edu/~srivasta/
Message sent:
From: iwj10@thor.cam.ac.uk (Ian Jackson)
To: srivasta@pilgrim.umass.edu (Manoj Srivastava)
Subject: Bug#1766: Info received (was Bug#1766: Bug in script checksecurity in package cron)
In-Reply-To: <gvx3fcfsaqu.fsf@plymouth.pilgrim.umass.edu>
References: <gvx3fcfsaqu.fsf@plymouth.pilgrim.umass.edu>
Thank you for the additional information you have supplied regarding
this problem report. It has been forwarded to the developers to
accompany the original report.
If you wish to continue to submit further information on your problem,
please do the same thing again: send it to debian-bugs@pixar.com, ensuring
that the Subject line starts with "Bug#1766" or "Re: Bug#1766" so that
we can identify it as relating to the same problem.
Please do not reply to the address at the top of this message,
unless you wish to report a problem with the bug-tracking system.
Ian Jackson
(maintainer, debian-bugs)
Message sent:
From: iwj10@thor.cam.ac.uk (Ian Jackson)
To: Ian Jackson <ian@chiark.chu.cam.ac.uk>
In-Reply-To: <m0t9Ml1-0002bdC@chiark.chu.cam.ac.uk>
References: <m0t9Ml1-0002bdC@chiark.chu.cam.ac.uk> <gvx68hd6nmr.fsf@plymouth.pilgrim.umass.edu>
Subject: Bug#1766: marked as done (was: Bug in script checksecurity in package cron)
Your message dated Sun, 29 Oct 95 01:41 GMT
with message-id <m0t9Ml1-0002bdC@chiark.chu.cam.ac.uk>
and subject line Bug#1766: Bug in script checksecurity in package cron
has caused the attached bug report to be marked as done.
It is your now responsibility to ensure that the bug report is dealt
with.
(NB: If you are a system administrator and have no idea what I'm
talking about this indicates a serious mail system misconfiguration
somewhere. Please contact me immediately.)
Ian Jackson
(maintainer, debian-bugs)
Received: with rfc822 via encapsulated-mail; Thu, 26 Oct 1995 01:28:21 GMT
From pilgrim.umass.edu!srivasta Wed Oct 25 18:27:18 1995
Return-Path: <srivasta@pilgrim.umass.edu>
Received: from pixar.com by mongo.pixar.com with smtp
(Smail3.1.28.1 #15) id m0t8H6E-0006noC; Wed, 25 Oct 95 18:27 PDT
Received: from plymouth.pilgrim.umass.edu by pixar.com with SMTP id AA14357
(5.67b/IDA-1.5 for debian-bugs-pipe@mongo.pixar.com); Wed, 25 Oct 1995 18:26:49 -0700
Received: (from srivasta@localhost) by plymouth.pilgrim.umass.edu (8.6.12/8.6.12) id VAA25207; Wed, 25 Oct 1995 21:27:11 -0400
Sender: srivasta@pilgrim.umass.edu
To: debian-bugs@Pixar.com
Subject: Bug in script checksecurity in package cron
X-Geek-3: GE/CS d+(--) s:++>: a C++++$ ULUHO++++$ P+++$ L+++ E+++
W+++$ N+++ K-? !w--- O-? !M-- !V-- PS+ PE- Y+ PGP++ t@ 5++ !X R++
b+++ DI+++ D- G e+++ h+ r++ y+
X-Organization: University of Massachusetts, Amherst, MA 01003
X-Time: Wed Oct 25 21:26:53 1995
Mailer: Vm 5.95 (beta) for GNU Emacs 19.14 XEmacs Lucid (beta5)
From: srivasta@pilgrim.umass.edu (Manoj Srivastava)
Date: 25 Oct 1995 21:26:52 -0400
Message-Id: <gvx68hd6nmr.fsf@plymouth.pilgrim.umass.edu>
Organization: Project Pilgrim, University of Massachusetts at Amherst
Lines: 56
X-Mailer: September Gnus v0.11
Package: cron
Version: 3.0pl1
Revision: 20
I have a problem with the script checksecurity, which
apparently come with cron. The problem is with the lines that
generate the /var/log/setuid.today file (patch follows).
Explanation: The mount | grep -v command is the problem for
anyone who has more than one partitions mounted; the script actually
tries to run find with multiple starting points (which is an error),
like find dir1 dir2 dir3 -xdev ... The solution is to look at all
the directories discovered by the mount snippet and examine each in a
for loop. (This has been one of my more incoherent explanations; feel
free to mail me for clarifications).
Also, I think one should exclude all mounted systems of type
msdos (If nothing else, it save time).
manoj
__> dpkg -S checksecurity
cron: /usr/sbin/checksecurity
> diff -u -B -b -w /usr/sbin/checksecurity.dist /usr/sbin/checksecurity
--- /usr/sbin/checksecurity.dist Wed Sep 20 20:52:12 1995
+++ /usr/sbin/checksecurity Thu Oct 19 11:05:23 1995
@@ -10,10 +10,9 @@
umask 077
cd /
-
-find `mount | grep -vE ' type (proc|iso9660) |^/dev/fd| on /mnt' | cut -d ' ' -f 3` \
- -xdev \( -type f -perm +06000 -o -type b -o -type c \) -ls \
- | sort >$TMP
+for dir in `mount | grep -vE ' type (proc|iso9660|msdos) |^/dev/fd| on /mnt' | cut -d ' ' -f 3`; do
+ /usr/bin/find $dir -xdev \( -type f -perm +06000 -o -type b -o -type c \) -ls ;
+done | sort >$TMP
if ! cmp -s $LOG/setuid.today $TMP >/dev/null
then
-- ...difference of opinion is advantageious in religion. The several
sects perform the office of a common censor morum over each other.
Is uniformity attainable? Millions of innocent men, women, and
children, since the introduction of Christianity, have been burnt,
tortured, fined, imprisoned; yet we have not advanced one inch
towards uniformity. Thomas Jefferson, "Notes on Virginia"
Manoj Srivastava Project Pilgrim, Department of Computer Science
Phone: (413) 545-3918 A143B Lederle Graduate Research Center
Fax: (413) 545-1249 University of Massachusetts, Amherst, MA 01003
email:srivasta@pilgrim.umass.edu http://www.pilgrim.umass.edu/~srivasta/
Message sent:
From: iwj10@thor.cam.ac.uk (Ian Jackson)
To: srivasta@pilgrim.umass.edu (Manoj Srivastava)
Subject: Bug#1766 acknowledged by developer (was: Bug in script checksecurity in package cron)
References: <m0t9Ml1-0002bdC@chiark.chu.cam.ac.uk> <gvx68hd6nmr.fsf@plymouth.pilgrim.umass.edu>
In-Reply-To: <gvx68hd6nmr.fsf@plymouth.pilgrim.umass.edu>
This is an automatic notification regarding your bug report.
Responsibility for it has been taken by one of the developers, namely
Ian Jackson <ian@chiark.chu.cam.ac.uk>.
You should be hearing from them with a substantive response shortly, if
you have not already done so. If not, please contact them directly,
or email debian-bugs@pixar.com or myself.
Ian Jackson
(maintainer, debian-bugs)
Ian Jackson /
iwj10@thor.cam.ac.uk,
with the debian-bugs tracking mechanism