Bug#: 49048
Status: RESOLVED
Resolution: FIXED
Assigned To: Robin Johnson <robbat2@gentoo.org>
Reporter: Robert Paskowitz (RETIRED) <r2d2@gentoo.org>

Description:   Opened: 2004-04-26 10:37 0000
The new ebuild for partimaged sets some permissions on ebuild config
incorrectly.

The partimaged.cert must have 0600 permissions, and be owned by at least
partimag:root, as with the partimaged.key file.

------- Comment #1 From Robin Johnson 2004-04-28 02:01:30 0000 -------
partimaged.cert contains NOTHING private, therefore does not need to be 0600.
I don't want partimaged to be able to change its cert, so owned by root:root is correct.

------- Comment #2 From Robert Paskowitz (RETIRED) 2004-04-28 05:29:50 0000 -------
I am not questioning your motives but am rather questioning what works. Below are
all combinations of 600 644 root:root partimag:root... At first it is 644 and
partimag:root, then 644 with root:root, then 600 with root:root and finally,
600 with partimag:root:


confucius partimaged # ls -l partimaged.cert
-rw-------    1 partimag root         3498 Apr 26 13:31 partimaged.cert
confucius partimaged # chmod 644 partimaged.cert
confucius partimaged # partimaged
error when verifying /etc/partimaged/partimaged.cert, check logfile for help
logfile is /var/log/partimaged.log
if you don't have logfile, use partimaged --debug=1
confucius partimaged # chown root:root partimaged.cert
confucius partimaged # partimaged
error when verifying /etc/partimaged/partimaged.cert, check logfile for help
logfile is /var/log/partimaged.log
if you don't have logfile, use partimaged --debug=1
confucius partimaged # chmod 600 partimaged.cert
confucius partimaged # partimaged
27351:error:0200100D:system library:fopen:Permission denied:bss_file.c:276:fopen('/etc/partimaged/partimaged.cert','r')
27351:error:20074002:BIO routines:FILE_CTRL:system lib:bss_file.c:278:
27351:error:140AD002:SSL routines:SSL_CTX_use_certificate_file:system lib:ssl_rsa.c:515:
confucius partimaged # chown partimag:root partimaged.cert
confucius partimaged # partimaged         <- Now it runs

------- Comment #3 From Robin Johnson 2004-05-12 21:14:23 0000 -------
Looking at upstream's code, it's a definite bug in their work.
I'll look at a fix.

------- Comment #4 From Robin Johnson 2004-05-14 00:10:18 0000 -------
OK, I've disabled partimage's stupid checks for permissions.
It doesn't need them as they are, and it's more secure with it properly configured by the ebuild.
Should a hole ever be found, we'll be better protected.

And I tested it this time as well, with the user login and SSL functionality, and it works 100%.
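
The layout argued for in this thread (a public certificate the daemon can read but does not own, and a private key closed to group and other) can be checked with a short audit function. This is an added example, not code from the ebuild or from partimage; it assumes GNU `stat`, takes the `partimag` account name from the comments above, and the function name `audit_tls_file` is hypothetical.

```shell
#!/bin/sh
# Added example (not from the ebuild or upstream partimage).
# Assumes GNU coreutils stat; "partimag" is the daemon account named in the bug.

# audit_tls_file KIND PATH [SERVICE_USER]
#   KIND=cert : public; the daemon must be able to read it but must not own it
#   KIND=key  : private; no access for group or other
# Prints one line per finding; returns 0 when clean, 1 otherwise.
audit_tls_file() {
    kind=$1 path=$2 svc=${3:-partimag}
    [ -f "$path" ] || { echo "$path: missing"; return 1; }
    set -- $(stat -c '%a %U' "$path")
    mode=$1 owner=$2 bad=0

    case $kind in
    key)
        if [ $(( 0$mode & 077 )) -ne 0 ]; then
            echo "$path: private key accessible to group/other (mode $mode)"; bad=1
        fi
        ;;
    cert)
        # An owner can always chmod and rewrite its own file.
        if [ "$owner" = "$svc" ]; then
            echo "$path: daemon user $svc can rewrite its own certificate"; bad=1
        fi
        if [ $(( 0$mode & 022 )) -ne 0 ]; then
            echo "$path: certificate writable by group/other (mode $mode)"; bad=1
        fi
        # Assumption: the daemon is not a member of the file's group.
        if [ "$owner" != "$svc" ] && [ $(( 0$mode & 004 )) -eq 0 ]; then
            echo "$path: daemon user $svc cannot read certificate (mode $mode)"; bad=1
        fi
        ;;
    *)
        echo "unknown kind: $kind"; return 2
        ;;
    esac
    return $bad
}
```

Run as `audit_tls_file cert /etc/partimaged/partimaged.cert`; the "cannot read" finding corresponds to the 600 root:root case in comment #2 that ends in the fopen Permission denied error.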
