[Debian-med-packaging] Bug#751579: ~/.t_coffee/ is world-writable
Andreas Tille
tille at debian.org
Wed Jun 25 13:02:16 UTC 2014
Hi Cédric,
a security issue in t-coffee was detected in the Debian packaged
version. Could you provide some fix for this?
Kind regards and thanks for providing t-coffee as free software
Andreas.
On Sat, Jun 14, 2014 at 03:45:22PM +0200, Jakub Wilk wrote:
> Package: t-coffee
> Version: 10.00.r1613-1
> Tags: security
>
> t-coffee creates ~/.t_coffee/ (and the subdirectories) as
> world-writable, ignoring umask:
>
> jwilk at lagrange:~$ find .t_coffee/ -ls
> find: `.t_coffee/': No such file or directory
>
> jwilk at lagrange:~$ umask
> 0022
>
> jwilk at lagrange:~$ t_coffee > /dev/null 2>&1
>
> jwilk at lagrange:~$ find .t_coffee/ -ls
> 55 4 drwxrwxrwx 6 jwilk jwilk 4096 Jun 14 11:34 .t_coffee/
> 150 4 drwxrwxrwx 2 jwilk jwilk 4096 Jun 14 11:34 .t_coffee/cache
> 257 4 drwxrwxrwx 2 jwilk jwilk 4096 Jun 14 11:34 .t_coffee/mcoffee
> 730 4 drwxrwxrwx 2 jwilk jwilk 4096 Jun 14 11:34 .t_coffee/methods
> 769 4 drwxrwxrwx 3 jwilk jwilk 4096 Jun 14 11:34 .t_coffee/plugins
> 1044 4 drwxrwxrwx 2 jwilk jwilk 4096 Jun 14 11:34 .t_coffee/plugins/linux
>
>
> -- System Information:
> Debian Release: jessie/sid
> APT prefers unstable
> APT policy: (990, 'unstable')
> Architecture: amd64 (x86_64)
>
> Kernel: Linux 3.14-1-amd64 (SMP w/1 CPU core)
> Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)
> Shell: /bin/sh linked to /bin/dash
>
> Versions of packages t-coffee depends on:
> ii libc6 2.19-1
> ii libgcc1 1:4.9.0-5
> ii libstdc++6 4.9.0-5
>
> --
> Jakub Wilk
>
> _______________________________________________
> Debian-med-packaging mailing list
> Debian-med-packaging at lists.alioth.debian.org
> http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/debian-med-packaging
>
--
http://fam-tille.de
More information about the Debian-med-packaging
mailing list