[Bug 1235975] Re: Unsafe file and directory permissions

[Launchpad Bug Tracker]

This bug was fixed in the package system-image - 1.9.1-0ubuntu1

---------------
system-image (1.9.1-0ubuntu1) saucy; urgency=low

  * New upstream release:
    - LP: #1240105 - Further refinement of permission checking/fixing.
    - LP: #1240106 - Work around some failures in DEP 8 tests.
  * d/control: Point Vcs-Bzr and Vcs-Browser to the packaging branch.
  * d/system-image-common.dirs: Add /var/log/system-image.
  * d/rules, d/tests/unittests: Set $SYSTEMIMAGE_REACTOR_TIMEOUT to 1200
    seconds to avoid random timeout errors.
  * d/system-image-common.postinst, system-image-common.postrm: debhelper
    scripts for ensuring the proper permissions and for purging directories.
 -- Barry Warsaw <barry at ubuntu.com>   Tue, 15 Oct 2013 11:23:54 -0400

** Changed in: system-image (Ubuntu)
       Status: Fix Committed => Fix Released

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to system-image in Ubuntu.
https://bugs.launchpad.net/bugs/1235975

Title:
  Unsafe file and directory permissions

Status in Ubuntu system image (server/client/updater):
  Fix Released
Status in “system-image” package in Ubuntu:
  Fix Released

Bug description:
  # ls -ld /var/log/system-image/
  drwxrwxrwx 2 root root 4096 Sep 24 16:02 /var/log/system-image/
  # ls -l /var/log/system-image/client.log 
  -rw-rw-rw- 1 root root 23927 Oct  6 09:11 /var/log/system-image/client.log
  # ls -ld /tmp/system-image/
  drwxrwxrwx 2 root root 260 Oct  6 09:11 /tmp/system-image/

  Also, predictable temporary file (/tmp/system-image). This was
  mentioned in bug #1233521

  # system-image-cli -i
  current build number: 78
  device name: mako
  channel: stable
  last update: 2013-10-03 13:05:32
  version version: 78
  version ubuntu: 20131003
  version device: 20131002.1

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu-system-image/+bug/1235975/+subscriptions