Bug#280355: marked as done (/usr/bin/gnome-keyring-daemon:
gnome-keyring-daemon: Doesn't background properly, leaving stdio open to
attack.)
Debian Bug Tracking System
owner@bugs.debian.org
Wed, 12 Jan 2005 01:33:10 -0800
Your message dated Wed, 12 Jan 2005 10:18:10 +0100
with message-id <1105521491.11722.19.camel@localhost.localdomain>
and subject line Closing this bug, unable to reproduce
has caused the attached Bug report to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere. Please contact me immediately.)
Debian bug tracking system administrator
(administrator, Debian Bugs database)
--------------------------------------
From: Mike Mestnik <cheako911@yahoo.com>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: /usr/bin/gnome-keyring-daemon: gnome-keyring-daemon: Doesn't background
properly, leaving stdio open to attack.
Reply-To: cheako911@yahoo.com
X-Mailer: reportbug 3.1
Date: Mon, 08 Nov 2004 15:35:16 -0600
Message-Id: <E1CRHAS-0002IU-Qc@localhost>
Package: gnome-keyring
Version: 0.2.1-3
Severity: important
File: /usr/bin/gnome-keyring-daemon
I've marked this important since this behaviour may be exploitable. The
controlling tty is left open and thus anyone with write permissions to the
TTY might be able to send gnome-keyring-daemon signals or exploit buffer
attacks. The Debian package should background gnome-keyring-daemon with the
daemon(1) program until the program can include these vital features.
-- System Information:
Debian Release: 3.1
APT prefers unstable
APT policy: (980, 'unstable'), (900, 'testing')
Architecture: i386 (i686)
Kernel: Linux 2.6.9-1-k7
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)
Versions of packages gnome-keyring depends on:
ii libatk1.0-0 1.6.1-5 The ATK accessibility toolkit
ii libc6 2.3.2.ds1-18 GNU C Library: Shared libraries an
ii libglib2.0-0 2.4.7-1 The GLib library of C routines
ii libgtk2.0-0 2.4.13-1 The GTK+ graphical user interface
ii libpango1.0-0 1.4.1-4 Layout and rendering of internatio
-- no debconf information
---------------------------------------
Subject: Closing this bug, unable to reproduce
From: Ondrej Sury <ondrej@sury.org>
To: 280355-done@bugs.debian.org
Content-Type: text/plain
Date: Wed, 12 Jan 2005 10:18:10 +0100
Message-Id: <1105521491.11722.19.camel@localhost.localdomain>
If you check open files of running g-k-d, it doesn't leave any TTY open:
COMMAND   PID  USER   FD  TYPE DEVICE     SIZE    NODE    NAME
gnome-key 8420 ondrej cwd DIR  3,2        4096    622594  /home/ondrej
gnome-key 8420 ondrej rtd DIR  3,2        4096    2       /
gnome-key 8420 ondrej txt REG  3,2        71640   1509041 /usr/bin/gnome-keyring-daemon
gnome-key 8420 ondrej mem REG  3,2        34516   2753415 /lib/tls/i686/cmov/libnss_files-2.3.2.so
gnome-key 8420 ondrej mem REG  3,2        32348   2753417 /lib/tls/i686/cmov/libnss_nis-2.3.2.so
gnome-key 8420 ondrej mem REG  3,2        73304   2753412 /lib/tls/i686/cmov/libnsl-2.3.2.so
gnome-key 8420 ondrej mem REG  3,2        28420   2753413 /lib/tls/i686/cmov/libnss_compat-2.3.2.so
gnome-key 8420 ondrej mem REG  3,2        1222020 2753407 /lib/tls/i686/cmov/libc-2.3.2.so
gnome-key 8420 ondrej mem REG  3,2        506408  1512927 /usr/lib/libglib-2.0.so.0.600.1
gnome-key 8420 ondrej mem REG  3,2        88936   2752637 /lib/ld-2.3.2.so
gnome-key 8420 ondrej 0r  CHR  1,3                1254    /dev/null
gnome-key 8420 ondrej 1w  CHR  1,3                1254    /dev/null
gnome-key 8420 ondrej 2w  FIFO 0,5                12729   pipe
gnome-key 8420 ondrej 3u  unix 0xe97ddc80         12950   /tmp/keyring-QACjAF/socket
--
Ondrej Sury <ondrej@sury.org>
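
Added example, not part of either message above and not gnome-keyring code: a Linux /proc check that covers both properties this report turns on, whether any descriptor of a daemon points at a terminal and whether the process still has a controlling terminal (tty_nr, field 7 of /proc/<pid>/stat), which a descriptor listing does not show. The function names and sample values are constructed for illustration; the descriptor targets mirror the listing above, and the path-prefix test for terminals is a heuristic.

```python
import os
import sys

# Constructed samples: fd targets mirror the listing above; the stat lines are invented.
SAMPLE_FDS = {0: "/dev/null", 1: "/dev/null", 2: "pipe:[12729]", 3: "socket:[12950]"}
SAMPLE_STAT_DETACHED = "8420 (gnome-keyring-d) S 1 8420 8420 0 -1 4202560"
SAMPLE_STAT_ATTACHED = "8421 (sleep) S 8400 8421 8400 34816 8421 4194304"

TTY_PREFIXES = ("/dev/tty", "/dev/pts/", "/dev/console")  # heuristic, by name


def controlling_tty(stat_line):
    """Return (major, minor) of the controlling terminal, or None if there is none."""
    # comm (field 2) may contain spaces or ')', so split after the LAST ')'.
    fields = stat_line[stat_line.rindex(")") + 2:].split()
    tty_nr = int(fields[4])  # fields[0] is field 3 (state), so this is field 7
    if tty_nr == 0:
        return None
    # proc(5): major in bits 15-8, minor in bits 31-20 and 7-0.
    major = (tty_nr >> 8) & 0xFF
    minor = (tty_nr & 0xFF) | ((tty_nr >> 12) & 0xFFF00)
    return major, minor


def tty_fds(fd_targets):
    """Given {fd: link target}, return the descriptors that point at a terminal."""
    return {fd: t for fd, t in fd_targets.items() if t.startswith(TTY_PREFIXES)}


def inspect(pid):
    """Read the live state of `pid` from /proc (needs permission to read its fd dir)."""
    with open(f"/proc/{pid}/stat") as f:
        ctty = controlling_tty(f.read())
    fd_dir = f"/proc/{pid}/fd"
    targets = {}
    for name in os.listdir(fd_dir):
        try:
            targets[int(name)] = os.readlink(os.path.join(fd_dir, name))
        except OSError:
            pass  # descriptor was closed between listdir() and readlink()
    return ctty, tty_fds(targets)


if __name__ == "__main__":
    pid = int(sys.argv[1]) if len(sys.argv) > 1 else os.getpid()
    ctty, fds = inspect(pid)
    print(f"pid {pid}: controlling tty = {ctty}, terminal descriptors = {fds}")
```

A properly detached daemon reports no controlling tty and an empty descriptor set; run it with the daemon's PID as the only argument.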