[Pkg-nagios-devel] Bug#293242: marked as done (nagios-common: postinst needs to use dpkg-statoverride so that CGI suidness isn't lost)

Debian Bug Tracking System owner@bugs.debian.org
Thu, 24 Feb 2005 18:33:07 -0800

Your message dated Thu, 24 Feb 2005 21:21:29 -0500
with message-id <20050225022129.GA18780@seanius.net>
and subject line bug closed
has caused the attached Bug report to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere.  Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)

Received: (at submit) by bugs.debian.org; 1 Feb 2005 22:49:42 +0000
>From steveg@lsli.com Tue Feb 01 14:49:34 2005
Return-path: <steveg@lsli.com>
Received: from gw.lsli.com [] 
	by spohr.debian.org with esmtp (Exim 3.35 1 (Debian))
	id 1Cw6px-0002QR-00; Tue, 01 Feb 2005 14:49:33 -0800
Received: by gw.lsli.com (Postfix, from userid 501)
	id 6C3192880AF; Tue,  1 Feb 2005 16:33:02 -0600 (CST)
Received: by lsli.com via smwrap Version 5.1.5
	 id smwrap6KjfTZ; Tue Feb  1 16:32:24 2005
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
From: steveg <steveg@lsli.com>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: nagios-common: postinst needs to use dpkg-statoverride so that CGI suidness
 isn't lost
Reply-To: Steve Greenland <steveg@lsli.com>
Date: Tue, 01 Feb 2005 16:48:53 -0600
Message-Id: <20050201224853.1C9A28017@lsli.com>
Delivered-To: submit@bugs.debian.org
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02 
	(1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Status: No, hits=-8.0 required=4.0 tests=BAYES_00,HAS_PACKAGE 
	autolearn=no version=2.60-bugs.debian.org_2005_01_02

Package: nagios-common
Version: 2:1.3-cvs.20050116-1
Severity: important

The postinst will set the nagios CGIs suid nagios if the user has
requested it via the debconf variable. However, this will be lost the
next time the user upgrades nagios-{text,mysql,pgsql} because the
setting is done in the -common post install. (My guess is that your
assumption was that they would be installed/upgraded together. That
doesn't cover the case of switching between the various DB choices,

The proper way to do this is with dpkg-statoverride (use the --update
option to make it immediate). This way, dpkg will take care of
preserving the suidness on upgrades/switches.

(I'm not actually sure that making all the CGIs SUID is actually the
proper approach at all. Shouldn't the cmd file be moved somewhere where
it is safe to make it writable by group www-data?)


-- System Information:
Debian Release: 3.1
  APT prefers testing
  APT policy: (500, 'testing'), (300, 'unstable')
Architecture: i386 (i686)
Kernel: Linux 2.4.18-686
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968) (ignored: LC_ALL set to C)

Versions of packages nagios-common depends on:
ii  adduser          3.59                    Add and remove users and groups
ii  apache [httpd]   1.3.33-3                versatile, high-performance HTTP s
ii  coreutils [fileu 5.2.1-2                 The GNU core utilities
ii  debconf [debconf               Debian configuration management sy
ii  fileutils        5.2.1-2                 The GNU file management utilities 
ii  mailx            1:8.1.2-0.20040524cvs-4 A simple mail user agent
ii  nagios-mysql [na 2:1.3-cvs.20050116-1    A host/service/network monitoring 
ii  nagios-plugins              Plugins for the nagios network mon

-- debconf information:
* nagios/wwwsuid: true
* nagios/configapache: Both

Received: (at 293242-close) by bugs.debian.org; 25 Feb 2005 02:22:05 +0000
>From seanius@seanius.net Thu Feb 24 18:22:05 2005
Return-path: <seanius@seanius.net>
Received: from dsl092-235-113.phl1.dsl.speakeasy.net (sativa.seanius.net) [] 
	by spohr.debian.org with esmtp (Exim 3.35 1 (Debian))
	id 1D4V7F-0007ix-00; Thu, 24 Feb 2005 18:22:05 -0800
Received: by sativa.seanius.net (Postfix, from userid 1000)
	id 72E8115829; Thu, 24 Feb 2005 21:21:29 -0500 (EST)
Date: Thu, 24 Feb 2005 21:21:29 -0500
From: sean finney <seanius@debian.org>
To: 293242-close@bugs.debian.org, 291351-close@bugs.debian.org,
	294178-close@bugs.debian.org, 289830-close@bugs.debian.org
Subject: bug closed
Message-ID: <20050225022129.GA18780@seanius.net>
Mime-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha1;
	protocol="application/pgp-signature"; boundary="TB36FDmn/VVEgNH/"
Content-Disposition: inline
User-Agent: Mutt/
Delivered-To: 293242-close@bugs.debian.org
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02 
	(1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Status: No, hits=-3.0 required=4.0 tests=BAYES_00 autolearn=no 
X-CrossAssassin-Score: 3

Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

just realized, -2 was never uploaded, so this bug was never



Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: Digital signature
Content-Disposition: inline

Version: GnuPG v1.2.4 (GNU/Linux)