Fsniper's PID file uses umask rather than 600.

Bug #403116 reported by Dave Walker
Affects: fsniper (Ubuntu)
Status: Fix Released
Importance: Undecided
Assigned to: Dave Walker
Nominated for Jaunty by Dave Walker
Nominated for Karmic by Dave Walker

Bug Description

Binary package hint: fsniper

The PID file stored in /tmp/fsniper-$USER.pid uses the user's umask values for permission, rather than a default of only allowing the owner to read/write (600).

This has been discovered upstream, and their patch is attached.

Dave Walker (davewalker) wrote :

debdiff attached

Changed in fsniper (Ubuntu):
status: New → In Progress
assignee: nobody → Dave Walker (davewalker)
status: In Progress → Fix Committed
Dave Walker (davewalker) wrote :

Replacement debdiff attached, as "Closes" Tag was not properly formed.

Launchpad Janitor (janitor) wrote :

This bug was fixed in the package fsniper - 1.3.1-0ubuntu1.1

---------------
fsniper (1.3.1-0ubuntu1.1) jaunty-security; urgency=low

  * SECURITY UPDATE: Permissions of PID file are set on current
    umask rather than 600. (LP: #403116)
    - debian/patches/pid_file_permissons_to_600.patch: adjust
      src/main.c to set permissions of PID to 600. Based on
      upstream patch.
  * SECURITY UPDATE: Quotation marks not safely checked in
    filenames. (LP: #403113)
    - debian/patches/singlequote_doublequote_issue.patch:
      adjust src/handle_event.c to include checking for both
      single and double quotation marks. Based on upstream
      patch.
  * Added quilt support to manage patches.
  * Bumped Debian package Standards-Version to 3.8.2

 -- Dave Walker (Daviey) <email address hidden> Fri, 24 Jul 2009 21:59:07 +0100

Changed in fsniper (Ubuntu):
status: Fix Committed → Fix Released
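
The permission problem this report describes, shown as an added example (not fsniper's code and not the upstream or Ubuntu patch): a PID file created with fopen() inherits whatever the umask allows, while one created with open() at mode 0600 followed by fchmod() always ends up owner-only. The function names and the temporary demo path are hypothetical.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Before: fopen() creates the file as 0666 & ~umask, so the caller's umask
 * decides who else can read (or write) the PID file. */
static int write_pid_umask(const char *path) {
    FILE *f = fopen(path, "w");
    if (!f) return -1;
    fprintf(f, "%ld\n", (long)getpid());
    return fclose(f) == 0 ? 0 : -1;
}

/* After: ask for 0600 at creation, then fchmod() so a umask that strips owner
 * bits cannot change the result. O_EXCL|O_NOFOLLOW refuse a pre-existing file
 * or symlink, which matters in a shared directory such as /tmp. */
static int write_pid_0600(const char *path) {
    int fd = open(path, O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW, 0600);
    if (fd < 0) return -1;
    int ok = fchmod(fd, S_IRUSR | S_IWUSR) == 0 &&
             dprintf(fd, "%ld\n", (long)getpid()) > 0;
    if (close(fd) != 0) ok = 0;
    if (!ok) unlink(path);
    return ok ? 0 : -1;
}

/* Run `writer` under `mask` in a fresh private directory (constructed sample
 * path) and return the permission bits of the file it made, or -1. */
static int demo_mode(int (*writer)(const char *), mode_t mask) {
    char dir[] = "/tmp/pidperm-XXXXXX", path[64];
    struct stat st;
    if (!mkdtemp(dir)) return -1;
    snprintf(path, sizeof path, "%s/demo.pid", dir);
    mode_t old = umask(mask);
    int rc = writer(path);
    umask(old);
    int mode = (rc == 0 && stat(path, &st) == 0) ? (int)(st.st_mode & 0777) : -1;
    unlink(path);
    rmdir(dir);
    return mode;
}

int main(void) {
    printf("umask 022: fopen %04o, hardened %04o\n",
           (unsigned)demo_mode(write_pid_umask, 022),
           (unsigned)demo_mode(write_pid_0600, 022));
    return 0;
}
```

Because of O_EXCL, a stale PID file left by a crashed instance makes the hardened writer fail, so the caller has to decide how to validate and remove it.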