[Secure-testing-team] Bug#733444: wicd-daemon: wrong permissions (-rw-rw-rw-) for some log files

Vincent Lefevre vincent at vinc17.net
Sat Dec 28 21:58:12 UTC 2013 

Package: wicd-daemon
Version: 1.7.2.4-4.1
Severity: normal

The contents of my /var/log/wicd directory:

-rw-r----- 1 root adm   301595 2013-12-28 22:27:16 wicd.log
-rw-r----- 1 root adm   369856 2013-12-20 11:14:01 wicd.log.1
-rw-rw-rw- 1 root root  810018 2013-12-17 20:30:49 wicd.log.2
-rw-rw-rw- 1 root root 6945574 2013-12-20 11:03:16 wicd.log.3

Some log files are writable by everyone. After some thoughts, I don't
think there is a security problem, because these are just "archived"
log data, and looking at the buggy permissions, the admin knows that
they aren't reliable.

The mtime values are also strange: wicd.log.3 have been older than
wicd.log.2!

/var/log/wicd/wicd.log.3 starts with:

2013/12/06 10:02:11 :: 

and ends with:

2013/12/12 02:56:33 :: Unable to autoconnect, you'll have to manually connecttling autoreconnect

then lots of "Throttling autoreconnect" and
"Starting automatic reconnect process" lines.

/var/log/wicd/wicd.log.2 starts with:

2013/12/12 02:56:33 :: 

and ends with:

2013/12/17 20:30:49 :: No wired connection present, attempting to autoconnect to wireless network

/var/log/wicd/wicd.log.1 starts with:

2013/12/17 20:30:49 :: 

and ends with:

2013/12/20 11:14:01 :: ---------------------------

-- System Information:
Debian Release: jessie/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (500, 'testing'), (500, 'stable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 3.12-1-amd64 (SMP w/2 CPU cores)
Locale: LANG=POSIX, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages wicd-daemon depends on:
ii  adduser          3.113+nmu3
ii  dbus             1.6.18-2
ii  debconf          1.5.52
ii  ethtool          1:3.11-1
ii  iproute          1:3.12.0-1
ii  iputils-ping     3:20121221-4
ii  isc-dhcp-client  4.2.4-7
ii  lsb-base         4.1+Debian12
ii  net-tools        1.60-25
ii  psmisc           22.20-1
ii  python           2.7.5-5
ii  python-dbus      1.2.0-2+b1
ii  python-gobject   3.10.2-1
ii  python-wicd      1.7.2.4-4.1
ii  wireless-tools   30~pre9-8
ii  wpasupplicant    1.0-3.1

Versions of packages wicd-daemon recommends:
ii  rfkill                  0.5-1
ii  wicd-gtk [wicd-client]  1.7.2.4-4.1

Versions of packages wicd-daemon suggests:
ii  pm-utils  1.4.1-13

Versions of packages wicd depends on:
ii  wicd-gtk [wicd-client]  1.7.2.4-4.1

Versions of packages wicd-gtk depends on:
ii  python         2.7.5-5
ii  python-glade2  2.24.0-3+b1
ii  python-gtk2    2.24.0-3+b1

Versions of packages wicd-gtk recommends:
ii  gksu           2.0.2-6
ii  python-notify  0.1.1-3

Versions of packages python-wicd depends on:
ii  python  2.7.5-5

-- Configuration Files:
/etc/wicd/encryption/templates/active changed:
wpa
wpa-peap
wpa-psk
wpa2-leap
wpa2-peap
wep-hex
wep-passphrase
wep-shared
leap
ttls
eap
peap-eduroam
peap
peap-tkip
eap-tls
psu


-- debconf information:
* wicd/users: vinc17
* wicd/users: vinc17

More information about the Secure-testing-team mailing list