[Pkg-silc-devel] maybe not ready for upload yet [was: Re: Ready for upload! :)]

Daniel Kahn Gillmor dkg at fifthhorseman.net
Sat Jun 16 23:12:11 UTC 2007 

A quick followup: sorry to be a downer, but i think silc-client (or at
least the irssi-plugin) might not be ready for prime time.  From the
build i just did, i think there are security issues, and serious bugs.

I installed the newly-build libsilc-1.1-1 and irssi-silc-plugin
packages (built as described earlier), and then i started up irssi.

I did:

/load silc

and it prompted me twice for a silc key passphrase (apparently
creating the key).

the screen looks like this:

 [18:59] [dkg] [1:silc (change with ^X)]                                        
[(status)] /load silcRunning SILC for the first time
Private key passphrase: 
Retype private key passphrase: Public key has been saved into `/home/dkg/.irssi/public_key.pub'.
Private key has been saved into `/home/dkg/.irssi/private_key.prv'.
Press <Enter> to continue...


Unfortunately, the key itself is saved in a world-readable form:

[0 dkg at squeak ~]$ ls -la .irssi/
total 56
drwxr-xr-x   5 dkg dkg  4096 2007-06-16 18:59 .
drwxr-xr-x 162 dkg dkg 20480 2007-06-16 18:57 ..
drwxr-xr-x   2 dkg dkg  4096 2007-06-16 18:59 clientkeys
-rw-------   1 dkg dkg   711 2006-11-01 16:30 config
-rw-r--r--   1 dkg dkg   701 2005-11-16 19:52 config~
-rw-r-----   1 dkg dkg   739 2005-11-16 19:48 config.autosave
drwxr-xr-x   2 dkg dkg  4096 2007-06-16 18:59 friends
-rw-r--r--   1 dkg dkg  1297 2007-06-16 18:59 private_key.prv
-rw-r--r--   1 dkg dkg   561 2007-06-16 18:59 public_key.pub
drwxr-xr-x   2 dkg dkg  4096 2007-06-16 18:59 serverkeys
[0 dkg at squeak ~]$ 



making matters worse, if i start irssi, and then do the following two
commands:

/load silc (and then put in passphrase, as requested)
/silc

i get a segmentation fault.

i installed the libsilc-1.1-1-dbg package and repeated the process to
get a core dump, which shows the following:

(gdb) bt
#0  0x08091b17 in format_read_arglist ()
#1  0x08097f68 in printformat_module_dest_args ()
#2  0x0809812a in printformat_module_args ()
#3  0x08098167 in printformat_module ()
#4  0xb772a90a in silc_opt_callback ()
   from /usr/lib/irssi/modules/libsilc_core.so
#5  0x080dd91e in signal_remove_full ()
#6  0x080dda8f in signal_emit ()
#7  0x080c8c0f in commands_remove_module ()
#8  0x080dd91e in signal_remove_full ()
#9  0x080dda8f in signal_emit ()
#10 0x0805c64b in input_listen_deinit ()
#11 0x080dd91e in signal_remove_full ()
#12 0x080dda8f in signal_emit ()
#13 0x08096a30 in keyboard_entry_redirect ()
#14 0x080dd91e in signal_remove_full ()
#15 0x080dda8f in signal_emit ()
#16 0x08096854 in key_pressed ()
#17 0x0805f3b4 in gui_readline_deinit ()
#18 0x080dd91e in signal_remove_full ()
#19 0x080dda8f in signal_emit ()
#20 0x0805cb81 in input_listen_deinit ()
#21 0x080cf31e in masks_match ()
#22 0xb7d14c9d in g_io_channel_unix_get_fd () from /usr/lib/libglib-2.0.so.0
#23 0xb7ceb952 in g_main_context_dispatch () from /usr/lib/libglib-2.0.so.0
#24 0xb7cee91f in g_main_context_check () from /usr/lib/libglib-2.0.so.0
#25 0xb7ceee85 in g_main_context_iteration () from /usr/lib/libglib-2.0.so.0
#26 0x0806f820 in main ()
(gdb) 


hth,

        --dkg the bug reporter
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 826 bytes
Desc: not available
Url : http://lists.alioth.debian.org/pipermail/pkg-silc-devel/attachments/20070616/8df03d0c/attachment.pgp

More information about the Pkg-silc-devel mailing list