Bug#271715: marked as done (Still invalid permissions on /etc/siproxd_passwd.cfg)

Debian Bug Tracking System owner@bugs.debian.org
Sun, 26 Sep 2004 23:33:16 -0700 

Your message dated Sun, 26 Sep 2004 23:22:13 -0700
with message-id <20040927062208.GD2567@mauritius.dodds.net>
and subject line Still invalid permissions on /etc/siproxd_passwd.cfg
has caused the attached Bug report to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere.  Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)

--------------------------------------
Received: (at submit) by bugs.debian.org; 14 Sep 2004 18:49:12 +0000
>From bugs@magnetic-ink.dk Tue Sep 14 11:49:12 2004
Return-path: <bugs@magnetic-ink.dk>
Received: from hq.szn.dk (mx.szn.dk) [217.157.1.202] (reremubi)
	by spohr.debian.org with esmtp (Exim 3.35 1 (Debian))
	id 1C7IMZ-00079X-00; Tue, 14 Sep 2004 11:49:12 -0700
Received: by mx.szn.dk (Postfix, from userid 1007)
	id 30A593A6334; Tue, 14 Sep 2004 20:49:10 +0200 (CEST)
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
From: Klaus Alexander Seistrup <debian-bugs@magnetic-ink.dk>
To: Debian Bug Tracking System <submit@bugs.debian.org>
X-Habeas-SWE-1: winter into spring
X-Habeas-SWE-2: brightly anticipated
X-Habeas-SWE-3: like Habeas SWE (tm)
X-Habeas-SWE-4: Copyright 2002 Habeas (tm)
X-Habeas-SWE-5: Sender Warranted Email (SWE) (tm). The sender of this
X-Habeas-SWE-6: email in exchange for a license for this Habeas
X-Habeas-SWE-7: warrant mark warrants that this is a Habeas Compliant
X-Habeas-SWE-8: Message (HCM) and not spam. Please report use of this
X-Habeas-SWE-9: mark in spam to <http://www.habeas.com/report/>.
Subject: Still invalid permissions on /etc/siproxd_passwd.cfg
X-Mailer: reportbug 2.64
Date: Tue, 14 Sep 2004 20:49:10 +0200
Message-Id: <20040914184910.30A593A6334@mx.szn.dk>
Delivered-To: submit@bugs.debian.org
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2004_03_25 
	(1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Status: No, hits=-8.0 required=4.0 tests=BAYES_00,HAS_PACKAGE 
	autolearn=no version=2.60-bugs.debian.org_2004_03_25
X-Spam-Level: 

Package: siproxd
Version: 0.57.snap040720-1
Severity: grave
Justification: user security hole

The files /etc/siproxd.conf and /etc/siproxd_passwd.cfg still get
installed with insecure permissions 0644:

#v+

$ ls -l /etc/siproxd*
-rw-r--r--  1 root root 6516 Jul 24 02:11 /etc/siproxd.conf
-rw-r--r--  1 root root  291 Jul 24 02:11 /etc/siproxd_passwd.cfg
$ 

#v-

even when package is installed from scratch.

NB: This is an iteration of the closed and archived bug #257470
(the BTS refused to 'reopen 257470 !').

Cheers,

  // Klaus

-- System Information:
Debian Release: 3.1
  APT prefers unstable
  APT policy: (990, 'unstable')
Architecture: i386 (i686)
Kernel: Linux 2.4.21
Locale: LANG=POSIX, LC_CTYPE=da_DK

Versions of packages siproxd depends on:
ii  adduser                     3.59         Add and remove users and groups
ii  libc6                       2.3.2.ds1-16 GNU C Library: Shared libraries an
ii  libgcc1                     1:3.4.2-2    GCC support library
ii  libosip2                    2.0.6-2      Session Initiation Protocol (SIP) 

-- no debconf information

---------------------------------------
Received: (at 271715-done) by bugs.debian.org; 27 Sep 2004 06:21:52 +0000
>From vorlon@debian.org Sun Sep 26 23:21:52 2004
Return-path: <vorlon@debian.org>
Received: from dsl093-039-086.pdx1.dsl.speakeasy.net (localhost.localdomain) [66.93.39.86] 
	by spohr.debian.org with esmtp (Exim 3.35 1 (Debian))
	id 1CBotU-0003QZ-00; Sun, 26 Sep 2004 23:21:52 -0700
Received: by localhost.localdomain (Postfix, from userid 1000)
	id A8645171D4A; Sun, 26 Sep 2004 23:22:13 -0700 (PDT)
Date: Sun, 26 Sep 2004 23:22:13 -0700
From: Steve Langasek <vorlon@debian.org>
To: 271715-done@bugs.debian.org
Subject: Re: Still invalid permissions on /etc/siproxd_passwd.cfg
Message-ID: <20040927062208.GD2567@mauritius.dodds.net>
Mime-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha1;
	protocol="application/pgp-signature"; boundary="Ycz6tD7Th1CMF4v7"
Content-Disposition: inline
User-Agent: Mutt/1.5.6+20040722i
Delivered-To: 271715-done@bugs.debian.org
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2004_03_25 
	(1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Status: No, hits=-3.0 required=4.0 tests=BAYES_00 autolearn=no 
	version=2.60-bugs.debian.org_2004_03_25
X-Spam-Level: 


--Ycz6tD7Th1CMF4v7
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

The maintainer's fix for this bug has reached testing, therefore I am
closing this report.

Thanks,
--=20
Steve Langasek
postmodern programmer

--Ycz6tD7Th1CMF4v7
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: Digital signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQFBV7GQKN6ufymYLloRAv/TAJ9vsaKbcxOwrW9i8i074pyq/cp+2gCgm7Nq
QqsGLoeV6buKK++DPzef/vw=
=GadV
-----END PGP SIGNATURE-----

--Ycz6tD7Th1CMF4v7--