Fsnipers PID file uses umask rather than 600.

Bug #403116 reported by Dave Walker
This bug affects 1 person
Affects Status Importance Assigned to Milestone
fsniper (Ubuntu)
Fix Released
Dave Walker
Nominated for Jaunty by Dave Walker
Nominated for Karmic by Dave Walker

Bug Description

Binary package hint: fsniper

The PID file stored in /tmp/fsniper-$USER.pid uses the users umask values for permission, rather than a default of only allowing the owner to read/write (600).

This has been discovered upstream, and their patch is attached.

Revision history for this message
Dave Walker (davewalker) wrote :
Revision history for this message
Dave Walker (davewalker) wrote :

debdiff attached

Changed in fsniper (Ubuntu):
status: New → In Progress
assignee: nobody → Dave Walker (davewalker)
status: In Progress → Fix Committed
Revision history for this message
Dave Walker (davewalker) wrote :

Replacement debdiff attached, as "Closes" Tag was not properly formed.

Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package fsniper - 1.3.1-0ubuntu1.1

fsniper (1.3.1-0ubuntu1.1) jaunty-security; urgency=low

  * SECURITY UPDATE: Permissions of PID file are set on current
    umask rather than 600. (LP: #403116)
    - debian/patches/pid_file_permissons_to_600.patch: adjust
      src/main.c to set permissions of PID to 600. Based on
      upstream patch.
  * SECURITY UPDATE: Quotation marks not safely checked in
    filenames. (LP: #403113)
    - debian/patches/singlequote_doublequote_issue.patch:
      adjust src/handle_event.c to include checking for both
      single and double quotation marks. Based on upstream
  * Added quilt support to manage patches.
  * Bumped Debian package Standards-Version to 3.8.2

 -- Dave Walker (Daviey) <email address hidden> Fri, 24 Jul 2009 21:59:07 +0100

Changed in fsniper (Ubuntu):
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.