[Pkg-kde-extras] Bug#496452: kvpnc: Not working with openvpn due to default script security

Debian BTS debbugs at rietz.debian.org
Sun Aug 24 20:36:04 UTC 2008 

level
Reply-To: Tobias Koch <tobias.koch at gmail.com>, 496452 at bugs.debian.org
Resent-From: Tobias Koch <tobias.koch at gmail.com>
Resent-To: debian-bugs-dist at lists.debian.org
Resent-CC: tobias.koch at gmail.com, Debian KDE Extras Team <pkg-kde-extras at lists.alioth.debian.org>
Resent-Date: Sun, 24 Aug 2008 20:36:01 +0000
Resent-Message-ID: <handler.496452.B.121961013831012 at bugs.debian.org>
Resent-Sender: owner at bugs.debian.org
X-Debian-PR-Message: report 496452
X-Debian-PR-Package: kvpnc
X-Debian-PR-Keywords: 
X-Debian-PR-Source: kvpnc
Received: via spool by submit at bugs.debian.org id=B.121961013831012
          (code B ref -1); Sun, 24 Aug 2008 20:36:01 +0000
Received: (at submit) by bugs.debian.org; 24 Aug 2008 20:35:38 +0000
X-Spam-Checker-Version: SpamAssassin 3.1.4-bugs.debian.org_2005_01_02 
	(2006-07-26) on rietz.debian.org
X-Spam-Level: 
X-Spam-Status: No, score=-8.3 required=4.0 tests=BAYES_00,DNS_FROM_RFC_POST,
	FORGED_RCVD_HELO,FOURLA,HAS_PACKAGE,IMPRONONCABLE_2,RCVD_IN_SORBS_DUL,
	SUBJECT_ENCODED_TWICE,SUBJECT_EXCESS_QP,XMAILER_REPORTBUG,
	X_DEBBUGS_CC autolearn=no version=3.1.4-bugs.debian.org_2005_01_02
Received: from p54a74205.dip.t-dialin.net ([84.167.66.5] helo=adriano.tojoko.dyndns.org)
	by rietz.debian.org with esmtp (Exim 4.63)
	(envelope-from <tobias.koch at gmail.com>)
	id 1KXMJF-00083Z-LL
	for submit at bugs.debian.org; Sun, 24 Aug 2008 20:35:37 +0000
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
From: Tobias Koch <tobias.koch at gmail.com>
To: Debian Bug Tracking System <submit at bugs.debian.org>
Message-ID: <20080824203536.5107.58675.reportbug at adriano.tojoko.dyndns.org>
X-Mailer: reportbug 3.44
Date: Sun, 24 Aug 2008 22:35:36 +0200
Delivered-To: submit at bugs.debian.org

Package: kvpnc
Version: 0.9.0-1
Severity: important


The default script security level of the openvpn package in lenny does 
not allow the execution of user-defined programs or scripts. kvpnc,
which uses hook scripts with openvpn to import for example routing 
information, which is pushed from the server to the client, is not aware 
of this. Bringing up the VPN connection fails with the error message 
shown below. As far as I can tell, there is no way to set the 
script security level in kvpnc or to configure kvpnc to pass additional 
arguments to the vpn server executable.

I'm not sure if this should be rated 'important', as it's less of a bug 
than rather a missing feature, but it sure will hurt many users.

Cheers,
Tobias

Debug: [openvpn] Sun Aug 24 22:00:51 2008 
/home/tobias/.kde/share/apps/kvpnc/openvpn.office.up tun0 1500 1544 
192.168.253.6 192.168.253.5 init
Debug: [openvpn] Sun Aug 24 22:00:51 2008 openvpn_execve: external 
program may not be called due to setting of --script-security level
Debug: [openvpn] Sun Aug 24 22:00:51 2008 script failed: external 
program fork failed
Debug: [openvpn] Sun Aug 24 22:00:51 2008 Exiting
Debug: OpenvpnManagementHandler raw: >FATAL:script failed: external 
program fork failed 
Debug: OpenvpnManagementHandler: eine andere management-Nachricht wurde 
bekommen: >FATAL:script failed: external program fork failed 


-- System Information:
Debian Release: lenny/sid
  APT prefers testing
  APT policy: (990, 'testing')
Architecture: i386 (i686)

Kernel: Linux 2.6.25-2-686-bigmem (SMP w/2 CPU cores)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages kvpnc depends on:
ii  gksu                    2.0.0-5          graphical frontend to su
ii  kdelibs4c2a             4:3.5.9.dfsg.1-6 core libraries and binaries for al
ii  libc6                   2.7-13           GNU C Library: Shared libraries
ii  libgcrypt11             1.4.1-1          LGPL Crypto library - runtime libr
ii  libqt3-mt               3:3.3.8b-5       Qt GUI Library (Threaded runtime v
ii  libstdc++6              4.3.1-2          The GNU Standard C++ Library v3
ii  menu                    2.1.40           generates programs menu for all me
ii  module-init-tools       3.4-1            tools for managing Linux kernel mo
ii  net-tools               1.60-19          The NET-3 networking toolkit
ii  psmisc                  22.6-1           Utilities that use the proc filesy

kvpnc recommends no packages.

Versions of packages kvpnc suggests:
ii  iptables                      1.4.1.1-2  administration tools for packet fi
pn  openct                        <none>     (no description available)
pn  opensc                        <none>     (no description available)
ii  openssl                       0.9.8g-13  Secure Socket Layer (SSL) binary a
pn  openswan                      <none>     (no description available)
ii  openvpn                       2.1~rc9-3  virtual private network daemon
pn  pptp-linux                    <none>     (no description available)
pn  racoon                        <none>     (no description available)
pn  vpnc                          <none>     (no description available)
pn  xl2tpd                        <none>     (no description available)

-- no debconf information

More information about the pkg-kde-extras mailing list