[kgb-maintainers] Bug#593633: kgb-bot: dies when polygen is removed after daemon startup
Damyan Ivanov
dmn at debian.org
Thu Aug 19 18:44:14 UTC 2010
Package: kgb-bot
Version: 1.03-1
Severity: important
Scenario:
1. kgb-bot starts and detects polygen.
2. aptitude remove polygen. Since polygen is only a recommendation,
everything goes fine.
3. someone talks to the bot
4. the bot tries to reply using a polygen wisdom, but fails to run
the polygen binary and terminates
Sounds like a recipe for a DoS (although it requires that the local
admin removed polygen, not really exploitable).
The fix would be to (a) detect polygen when needed (so that the
upgrade of polygen and subsequent move from /usr/bin to /usr/games
doesn't go undetected) and (b) handle missing binary gracefully.
-- System Information:
Debian Release: 5.0.5
APT prefers stable
APT policy: (990, 'stable')
Architecture: i386 (i686)
Kernel: Linux 2.6.26-2-686 (SMP w/1 CPU core)
Locale: LANG=bg_BG.UTF-8, LC_CTYPE=bg_BG.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash
Versions of packages kgb-bot depends on:
ii adduser 3.110 add and remove users and groups
ii kgb-client 1.01-3 client for KGB (IRC collaboration
ii libdigest-sha1-perl 2.11-2+b1 NIST SHA-1 message digest algorith
ii libpoe-component-irc-per 5.84+dfsg-1 a fully event-driven IRC client mo
ii libpoe-component-server- 1.12-1 POE component to publish event han
ii libpoe-perl 2:1.0003-1 event driven component architectur
ii libproc-pid-file-perl 1.24-6 Perl module for managing process i
ii libyaml-perl 0.66-1 YAML Ain't Markup Language (tm)
ii perl 5.10.0-19lenny2 Larry Wall's Practical Extraction
kgb-bot recommends no packages.
Versions of packages kgb-bot suggests:
ii libipc-run-perl 0.80-2 Perl module for running processes
pn polygen <none> (no description available)
-- no debconf information
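
A sketch of the two-part fix proposed in the report, added here as an illustration and not taken from kgb-bot's source: the binary is looked up at reply time, and any failure to run it yields a fallback reply instead of terminating the daemon. The function names, the grammar path and the fallback text are assumptions.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# The two locations named in the report (assumed to be the only candidates).
my @POLYGEN_DIRS = ( '/usr/bin', '/usr/games' );
# Placeholder grammar file, hypothetical.
my $GRAMMAR = '/path/to/grammar.grm';

# (a) Look the binary up on every call, so removal or a move between
# directories after daemon startup is noticed.
sub find_polygen {
    my @dirs = @_ ? @_ : @POLYGEN_DIRS;
    for my $dir (@dirs) {
        my $path = "$dir/polygen";
        return $path if -f $path && -x _;
    }
    return;
}

# (b) Return polygen's output as one line, or undef on any failure.
# Never dies: a missing or failing binary must not take the daemon down.
sub polygen_reply {
    my ( $grammar, @dirs ) = @_;
    my $bin = find_polygen(@dirs) or return;
    my $out = eval {
        # List-form pipe open: no shell is involved, and a failed exec
        # (binary removed between lookup and run) is reported here.
        open( my $fh, '-|', $bin, $grammar )
            or die "cannot run $bin: $!\n";
        local $/;    # slurp all output
        my $text = <$fh>;
        close $fh or die "polygen exited with status $?\n";
        $text;
    };
    if ( !defined $out ) { warn "polygen unavailable: $@"; return; }
    $out =~ s/\s+/ /g;
    $out =~ s/^ | $//g;
    return length $out ? $out : undef;
}

# Reply handler: falls back to a fixed line when polygen cannot be run.
sub reply_to {
    my ($nick) = @_;
    my $wisdom = polygen_reply($GRAMMAR);
    return defined $wisdom ? "$nick: $wisdom" : "$nick: I have nothing to say.";
}

print reply_to('someone'), "\n";
```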