Bug John, suppression de /etc/shadow
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
john (Debian) |
Fix Released
|
Unknown
|
|||
john (Ubuntu) |
Fix Released
|
Medium
|
Matt Zimmerman |
Bug Description
Automatically imported from Debian bug report #296766 http://
In Debian Bug tracker #296766, test (trichet-olivier) wrote : John: deletion of /etc/shadow [was Re: Bug John, suppression de /etc/shadow] | #1 |
In Debian Bug tracker #296766, Guilherme de S. Pastore (fatalerror) wrote : severity of 296766 is critical | #2 |
# Automatically generated email from bts, devscripts version 2.8.10
severity 296766 critical
In Debian Bug tracker #296766, Guilherme de S. Pastore (fatalerror) wrote : tagging 296766 | #3 |
# Automatically generated email from bts, devscripts version 2.8.10
tags 296766 pending
In Debian Bug tracker #296766, Guilherme de S. Pastore (fatalerror) wrote : retitle 296766 to john: should be clearer on the explanation of passfile directive | #4 |
# Automatically generated email from bts, devscripts version 2.8.10
retitle 296766 john: should be clearer on the explanation of passfile directive
In Debian Bug tracker #296766, Guilherme de S. Pastore (fatalerror) wrote : severity of 296766 is important | #5 |
# Automatically generated email from bts, devscripts version 2.8.10
severity 296766 important
Debian Bug Importer (debzilla) wrote : | #6 |
Automatically imported from Debian bug report #296766 http://
Debian Bug Importer (debzilla) wrote : | #7 |
Message-ID: <email address hidden>
Date: Thu, 24 Feb 2005 15:35:07 +0100
From: Yoann <email address hidden>
To: <email address hidden>
Subject: Bug John, suppression de /etc/shadow
Package: John
Apres une mise a jour du package John il y a environ 4 jours,
mon /etc/shadow etait supprime toutes les nuits.
John etait dans la cron afin de verifier toutes les nuits
les mots de passes des utilisateurs, et lors de son demarrage,
il supprimais directement les fichiers /etc/shadow* et quittais.
Mon fichier de conf :
#cat /etc/john/
# These are the shells that should be ignored by john. If you
# install falselogin, for example, you may want to add it to
# the list.
shells=
# This is the mail command. You may actually use any program
# here; the message in /etc/john.msg will be piped into it,
# with the login name and host name substituted.
# You may want to use a program to log information about
# weak passwords (but that means sensitive information would be
# kept somewhere - be careful!)
mailcmd=
# This is the passfile, which defines a temporary file that contains
# the content of /etc/passwd and /etc/shadow while the cronjob is run.
# Since this file contains sensible data, no default is provided and
# you need to specify a file name to be used."
passfile=
Un # de la derniere ligne a reussit a supprimer le probleme.
Le package est desinstalle.
Debian Bug Importer (debzilla) wrote : | #8 |
Message-Id: <email address hidden>
Date: Thu, 24 Feb 2005 16:50:20 +0100
From: Olivier Trichet <email address hidden>
To: <email address hidden>
Subject: John: deletion of /etc/shadow [was Re: Bug John, suppression de /etc/shadow]
> Package: John
>
> Apres une mise a jour du package John il y a environ 4 jours,
> mon /etc/shadow etait supprime toutes les nuits.
> John etait dans la cron afin de verifier toutes les nuits
> les mots de passes des utilisateurs, et lors de son demarrage,
> il supprimais directement les fichiers /etc/shadow* et quittais.
>
After an update of john's package 4 days ago, my /etc/shadow file was
deleted each night. John was in the cron in order to check users'
password each night, but on startup it deleted all /etc/shadow* file and
exited.
> Mon fichier de conf :
my configuration file:
> #cat /etc/john/
>
> # These are the shells that should be ignored by john. If you
> # install falselogin, for example, you may want to add it to
> # the list.
> shells=
>
> # This is the mail command. You may actually use any program
> # here; the message in /etc/john.msg will be piped into it,
> # with the login name and host name substituted.
> # You may want to use a program to log information about
> # weak passwords (but that means sensitive information would be
> # kept somewhere - be careful!)
> mailcmd=
>
> # This is the passfile, which defines a temporary file that
> contains # the content of /etc/passwd and /etc/shadow while the cronjob
> is run. # Since this file contains sensible data, no default is
> provided and # you need to specify a file name to be used."
> passfile=
>
> Un # de la derniere ligne a reussit a supprimer le probleme.
> Le package est desinstalle.
Commenting out the last line solved the problem.
The package is removed.
Debian Bug Importer (debzilla) wrote : | #9 |
Message-Id: <E1D4LaA-
Date: Thu, 24 Feb 2005 13:11:18 -0300
From: Guilherme de S. Pastore <email address hidden>
To: <email address hidden>
Subject: severity of 296766 is critical
# Automatically generated email from bts, devscripts version 2.8.10
severity 296766 critical
Debian Bug Importer (debzilla) wrote : | #10 |
Message-Id: <E1D4LaN-
Date: Thu, 24 Feb 2005 13:11:31 -0300
From: Guilherme de S. Pastore <email address hidden>
To: <email address hidden>
Subject: tagging 296766
# Automatically generated email from bts, devscripts version 2.8.10
tags 296766 pending
Debian Bug Importer (debzilla) wrote : | #11 |
Message-Id: <E1D4LrH-
Date: Thu, 24 Feb 2005 13:28:59 -0300
From: Guilherme de S. Pastore <email address hidden>
To: <email address hidden>
Subject: retitle 296766 to john: should be clearer on the explanation of passfile directive
# Automatically generated email from bts, devscripts version 2.8.10
retitle 296766 john: should be clearer on the explanation of passfile directive
Debian Bug Importer (debzilla) wrote : | #12 |
Message-Id: <E1D4Lzt-
Date: Thu, 24 Feb 2005 13:37:53 -0300
From: Guilherme de S. Pastore <email address hidden>
To: <email address hidden>
Subject: severity of 296766 is important
# Automatically generated email from bts, devscripts version 2.8.10
severity 296766 important
In Debian Bug tracker #296766, Guilherme de S. Pastore (fatalerror) wrote : tagging 296766, severity of 296766 is minor | #13 |
# Automatically generated email from bts, devscripts version 2.8.14
tags 296766 - pending
severity 296766 minor
In Debian Bug tracker #296766, Guilherme de S. Pastore (fatalerror) wrote : john | #14 |
tag 296766 pending
--
Guilherme de S. Pastore (fatalerror)
<email address hidden>
In Debian Bug tracker #296766, Guilherme de S. Pastore (fatalerror) wrote : Bug#296766: fixed in john 1.6-35 | #15 |
Source: john
Source-Version: 1.6-35
We believe that the bug you reported is fixed in the latest version of
john, which is due to be installed in the Debian FTP archive:
john_1.6-35.diff.gz
to pool/main/
john_1.6-35.dsc
to pool/main/
john_1.
to pool/main/
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to <email address hidden>,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Guilherme de S. Pastore <email address hidden> (supplier of updated john package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing <email address hidden>)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.7
Date: Sat, 30 Jul 2005 12:20:02 -0300
Source: john
Binary: john
Architecture: source i386
Version: 1.6-35
Distribution: unstable
Urgency: low
Maintainer: Guilherme de S. Pastore <email address hidden>
Changed-By: Guilherme de S. Pastore <email address hidden>
Description:
john - active password cracking tool
Closes: 296766 314258
Changes:
john (1.6-35) unstable; urgency=low
.
* Moved john-any and john-mmx to /usr/lib/john on i386, as the user
is not supposed (and won't be able) to run them directly
* Fix stupid usage of debian/john.install that broke a couple of things
in -34 (not uploaded to Debian, at least)
* debian/
- Make it clear(er) that one shouldn't put the path to the system
password file in the passfile directive (Closes: #296766)
.
john (1.6-34) unstable; urgency=low
.
* debian/control:
- Rewrote both short and long description
- Updated Standards-Version to 3.6.2 with no changes
- Christian Kurz is really MIA, as he stated he would be. Removed
him from Uploaders. Thanks for the great work!
* debian/docs:
- Move installation of doc/NEWS to john.install, so we don't have to
manually rename it in debian/rules
* debian/examples:
- Removed run/john.ini from the list, it's the configuration file
* debian/po:
- de.po, es.po: unfuzzied header
- pt_BR.po: converted from ISO-8859-1 to UTF-8
- vi.po: added Vietnamese translation from Clytie Siddall (Closes: #314258)
* debian/rules:
- General cleanups
- Don't strip files manually: dh_strip handles this
- Moved manpages installation to debian/
- Don't include cdbs's buildcore.mk: it's included by debhelper.mk
- Properly use dpkg-architecture instead of dpkg --print-
- Added /var/run/john to DEB_FIXPERMS_
be safe from normal user reading
- Symlinks are now handled within debian/john.links, and always point
to /usr/sbin/john, as the script should handle non-MMX machines
* debian/
- Rewritten from scratch for better language
- Removed re...
Debian Bug Importer (debzilla) wrote : | #16 |
Message-Id: <E1DWFLx-
Date: Thu, 12 May 2005 12:11:56 -0300
From: Guilherme de S. Pastore <email address hidden>
To: <email address hidden>
Subject: tagging 296766, severity of 296766 is minor
# Automatically generated email from bts, devscripts version 2.8.14
tags 296766 - pending
severity 296766 minor
Debian Bug Importer (debzilla) wrote : | #17 |
Message-Id: <email address hidden>
Date: Sat, 30 Jul 2005 12:27:23 -0300
From: "Guilherme de S. Pastore" <email address hidden>
To: <email address hidden>
Subject: john
tag 296766 pending
--
Guilherme de S. Pastore (fatalerror)
<email address hidden>
Debian Bug Importer (debzilla) wrote : | #18 |
Message-Id: <email address hidden>
Date: Sun, 31 Jul 2005 17:17:10 -0700
From: <email address hidden> (Guilherme de S. Pastore)
To: <email address hidden>
Subject: Bug#296766: fixed in john 1.6-35
Source: john
Source-Version: 1.6-35
We believe that the bug you reported is fixed in the latest version of
john, which is due to be installed in the Debian FTP archive:
john_1.6-35.diff.gz
to pool/main/
john_1.6-35.dsc
to pool/main/
john_1.
to pool/main/
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to <email address hidden>,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Guilherme de S. Pastore <email address hidden> (supplier of updated john package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing <email address hidden>)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.7
Date: Sat, 30 Jul 2005 12:20:02 -0300
Source: john
Binary: john
Architecture: source i386
Version: 1.6-35
Distribution: unstable
Urgency: low
Maintainer: Guilherme de S. Pastore <email address hidden>
Changed-By: Guilherme de S. Pastore <email address hidden>
Description:
john - active password cracking tool
Closes: 296766 314258
Changes:
john (1.6-35) unstable; urgency=low
.
* Moved john-any and john-mmx to /usr/lib/john on i386, as the user
is not supposed (and won't be able) to run them directly
* Fix stupid usage of debian/john.install that broke a couple of things
in -34 (not uploaded to Debian, at least)
* debian/
- Make it clear(er) that one shouldn't put the path to the system
password file in the passfile directive (Closes: #296766)
.
john (1.6-34) unstable; urgency=low
.
* debian/control:
- Rewrote both short and long description
- Updated Standards-Version to 3.6.2 with no changes
- Christian Kurz is really MIA, as he stated he would be. Removed
him from Uploaders. Thanks for the great work!
* debian/docs:
- Move installation of doc/NEWS to john.install, so we don't have to
manually rename it in debian/rules
* debian/examples:
- Removed run/john.ini from the list, it's the configuration file
* debian/po:
- de.po, es.po: unfuzzied header
- pt_BR.po: converted from ISO-8859-1 to UTF-8
- vi.po: added Vietnamese translation from Clytie Siddall (Closes: #314258)
* debian/rules:
- General cleanups
- Don't strip files manually: dh_strip handles this
- Moved manpages installation to debian/
- Don't include cdbs's buildcore.mk: it's included by debhelper.mk
- Properly use dpkg-architecture instead of dpkg --print-
- Added /var/run/john to DEB_FIXPERMS_
be safe from normal user reading
- Symlinks are now ...
Dennis Kaarsemaker (dennis) wrote : | #19 |
Fixed debian package is available in dapper
> Package: John
>
> Apres une mise a jour du package John il y a environ 4 jours,
> mon /etc/shadow etait supprime toutes les nuits.
> John etait dans la cron afin de verifier toutes les nuits
> les mots de passes des utilisateurs, et lors de son demarrage,
> il supprimais directement les fichiers /etc/shadow* et quittais.
>
After an update of john's package 4 days ago, my /etc/shadow file was
deleted each night. John was in the cron in order to check users'
password each night, but on startup it deleted all /etc/shadow* file and
exited.
> Mon fichier de conf :
my configuration file:
> #cat /etc/john/ john-mail. conf -,/bin/ false,/ dev/null, /bin/sync /usr/sbin/ sendmail /etc/shadow
>
> # These are the shells that should be ignored by john. If you
> # install falselogin, for example, you may want to add it to
> # the list.
> shells=
>
> # This is the mail command. You may actually use any program
> # here; the message in /etc/john.msg will be piped into it,
> # with the login name and host name substituted.
> # You may want to use a program to log information about
> # weak passwords (but that means sensitive information would be
> # kept somewhere - be careful!)
> mailcmd=
>
> # This is the passfile, which defines a temporary file that
> contains # the content of /etc/passwd and /etc/shadow while the cronjob
> is run. # Since this file contains sensible data, no default is
> provided and # you need to specify a file name to be used."
> passfile=
>
> Un # de la derniere ligne a reussit a supprimer le probleme.
> Le package est desinstalle.
Commenting out the last line solved the problem.
The package is removed.