Fsnipers PID file uses umask rather than 600.

Bug #403116 reported by Dave Walker on 2009-07-22
10
This bug affects 1 person
Affects Status Importance Assigned to Milestone
fsniper (Ubuntu)
Undecided
Dave Walker
Nominated for Jaunty by Dave Walker
Nominated for Karmic by Dave Walker

Bug Description

Binary package hint: fsniper

The PID file stored in /tmp/fsniper-$USER.pid uses the users umask values for permission, rather than a default of only allowing the owner to read/write (600).

This has been discovered upstream, and their patch is attached.

Dave Walker (davewalker) wrote :
Dave Walker (davewalker) wrote :

debdiff attached

Changed in fsniper (Ubuntu):
status: New → In Progress
assignee: nobody → Dave Walker (davewalker)
status: In Progress → Fix Committed
Dave Walker (davewalker) wrote :

Replacement debdiff attached, as "Closes" Tag was not properly formed.

Launchpad Janitor (janitor) wrote :

This bug was fixed in the package fsniper - 1.3.1-0ubuntu1.1

---------------
fsniper (1.3.1-0ubuntu1.1) jaunty-security; urgency=low

  * SECURITY UPDATE: Permissions of PID file are set on current
    umask rather than 600. (LP: #403116)
    - debian/patches/pid_file_permissons_to_600.patch: adjust
      src/main.c to set permissions of PID to 600. Based on
      upstream patch.
  * SECURITY UPDATE: Quotation marks not safely checked in
    filenames. (LP: #403113)
    - debian/patches/singlequote_doublequote_issue.patch:
      adjust src/handle_event.c to include checking for both
      single and double quotation marks. Based on upstream
      patch.
  * Added quilt support to manage patches.
  * Bumped Debian package Standards-Version to 3.8.2

 -- Dave Walker (Daviey) <email address hidden> Fri, 24 Jul 2009 21:59:07 +0100

Changed in fsniper (Ubuntu):
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers