Doesn't test for setuid return code

Bug #439272 reported by Loïc Minier on 2009-09-30
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone
xsplash | | Undecided | Unassigned |
xsplash (Ubuntu) | | Low | Kees Cook |
Karmic | | Low | Kees Cook |

Bug Description

Binary package hint: xsplash

Hi

xsplash doesn't test for the return code of setuid but should.

Bye

ProblemType: Bug
Architecture: amd64
Date: Wed Sep 30 12:30:29 2009
DistroRelease: Ubuntu 9.10
Package: xsplash 0.8.1-0ubuntu1
ProcEnviron:
 LANGUAGE=fr_FR:fr:en_GB:en
 PATH=(custom, user)
 LANG=fr_FR.UTF-8
 SHELL=/bin/zsh
ProcVersionSignature: Ubuntu 2.6.31-11.36-generic
SourcePackage: xsplash
Uname: Linux 2.6.31-11-generic x86_64

Loïc Minier (lool) wrote :
Loïc Minier (lool) on 2009-09-30
visibility: private → public
Kees Cook (kees) wrote :

This is probably what we want it doing instead...

Changed in xsplash (Ubuntu):
status: New → Triaged
Changed in xsplash (Ubuntu Karmic):
milestone: none → ubuntu-9.10
importance: Undecided → Low
assignee: nobody → Loïc Minier (lool)
Kees Cook (kees) on 2009-10-03
Changed in xsplash (Ubuntu Karmic):
assignee: Loïc Minier (lool) → Kees Cook (kees)
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package xsplash - 0.8.2-0ubuntu2

---------------
xsplash (0.8.2-0ubuntu2) karmic; urgency=low

  * Add 90_correctly-setuid.patch to use setresuid() and test the return
    code (LP: #439272).
  * Re-added dropped 0.8.1-0ubuntu2 changelog, removed now-upstreamed
    patch 60_slist-use-proper-var.patch.

 -- Kees Cook <email address hidden> Sat, 03 Oct 2009 10:02:21 -0700

Changed in xsplash (Ubuntu Karmic):
status: Triaged → Fix Released
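
The fix named in the changelog above (use setresuid() and test the return code), sketched as an added example. This is not the contents of 90_correctly-setuid.patch or xsplash's own code; drop_privileges() is a hypothetical helper name, and the target IDs in main() are the caller's own so the demo runs unprivileged.

```c
#ifndef _GNU_SOURCE
#define _GNU_SOURCE            /* glibc: exposes setresuid()/getresuid() */
#endif
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

/* Repeated so this still compiles if <unistd.h> was included earlier
 * without _GNU_SOURCE; compatible with the glibc declarations. */
int setresuid(uid_t, uid_t, uid_t);
int setresgid(gid_t, gid_t, gid_t);
int getresuid(uid_t *, uid_t *, uid_t *);
int getresgid(gid_t *, gid_t *, gid_t *);

/* BEFORE, the pattern named in the bug title:
 *     setuid(uid);            // return code never examined
 * If the call fails, execution continues with the old, higher UID.
 *
 * AFTER: drop the group first (not possible once the UID is gone), set
 * real, effective and saved IDs together, check every return code, then
 * read the IDs back. Returns 0 on success, -1 on any failure.
 * Supplementary groups (setgroups) are outside this sketch. */
int drop_privileges(uid_t uid, gid_t gid)
{
    uid_t r, e, s;
    gid_t rg, eg, sg;

    if (setresgid(gid, gid, gid) != 0) { perror("setresgid"); return -1; }
    if (setresuid(uid, uid, uid) != 0) { perror("setresuid"); return -1; }
    if (getresgid(&rg, &eg, &sg) != 0 || rg != gid || eg != gid || sg != gid)
        return -1;
    if (getresuid(&r, &e, &s) != 0 || r != uid || e != uid || s != uid)
        return -1;
    return 0;
}

int main(void)
{
    /* Fail closed: never carry on if the drop did not take effect. */
    if (drop_privileges(getuid(), getgid()) != 0) {
        fprintf(stderr, "refusing to continue with elevated privileges\n");
        return 1;
    }
    puts("privileges dropped and verified");
    return 0;
}
```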

Ted Gould wrote :

It would be nice if you guys would turn these patches into merge
requests for projects in LP :) They're easier to merge and harder to
lose track of.

Here's a similar patch, but now I've added your additional comments:

  https://code.launchpad.net/~bratsche/xsplash/setgid/+merge/12788

You can see all active merge proposals for a project here:

  https://code.launchpad.net/xsplash/+activereviews

Thanks for the fix!

Kees Cook (kees) wrote :

On Sat, Oct 03, 2009 at 07:54:57PM -0000, Ted Gould wrote:
> It would be nice if you guys would turn these patches into merge
> requests for projects in LP :) They're easier to merge and harder to
> lose track of.
>
> Here's a similar patch, but now I've added your additional comments:
>
> https://code.launchpad.net/~bratsche/xsplash/setgid/+merge/12788
>
> You can see all active merge proposals for a project here:
>
> https://code.launchpad.net/xsplash/+activereviews
>
> Thanks for the fix!

All the branches I could find lacked actual code and were just packaging
branches, which I find very difficult to deal with as it requires a
single build process that, to my knowledge, is incompatible with standard
sbuild/schroot methods. :(

--
Kees Cook
Ubuntu Security Team

Cody Russell (bratsche) wrote :

Is there something I can do to get code branches registered at https://code.launchpad.net/ubuntu/+source/xsplash?

Right now most of the branches are at https://code.launchpad.net/~bratsche

Robert Collins (lifeless) wrote :

On Mon, 2009-10-05 at 02:48 +0000, Cody Russell wrote:
> Is there something I can do to get code branches registered at
> https://code.launchpad.net/ubuntu/+source/xsplash?
>
> Right now most of the branches are at
> https://code.launchpad.net/~bratsche

bzr push lp:~bratsche/ubuntu/karmic/xsplash/BRANCHNAME

-Rob

Cody Russell (bratsche) on 2009-10-20
Changed in xsplash:
status: New → Fix Released
This report contains Public Security information
Everyone can see this security related information.