View Issue Details
ID: 0001475
Project: aMule
Category: Misc
View Status: public
Date Submitted: 2009-01-12 02:55
Last Update: 2009-05-22 00:50
Reporter: Effendi
Assigned To:
Priority: normal
Severity: major
Reproducibility: have not tried
Status: feedback
Resolution: open
Platform:
OS:
OS Version:
Product Version: 2.2.2
Target Version:
Fixed in Version:
Summary: 0001475: Possible security violation. (got a shell?)
Description:
An application opened in a user's X desktop (non-root); he instinctively immediately closed it.

A bit later, suspecting something strange, we investigated and found a zombie for that application as a child of aMule!

aMule was still active and working, and we manually closed it using the normal Close button. aMule and the child zombie disappeared.

The application was already installed, but unused since the boot of the machine. Now still apparently working fine.

Both eD2K and KAD active. High ID for both.
See enclosed Log. (Omitted parts are apparently regular)

Additional Information:
2008-12-02 15:38:36: amuleDlg.cpp(213): - This is aMule 2.2.2 using wxGTK2 v2.8.7 based on eMule.
2008-12-02 15:38:36: amuleDlg.cpp(215): Running on Linux 2.6.26-1-686 i686
...
2008-12-02 20:11:15: Logger.cpp(275): Warning: Mailcap file /etc/mailcap, line 266: incomplete entry ignored.
2008-12-02 20:11:15: Logger.cpp(275): Warning: Mailcap file /etc/mailcap, line 267: incomplete entry ignored.
2008-12-02 20:11:15: Logger.cpp(275): Warning: Mailcap file /etc/mailcap, line 268: incomplete entry ignored.
...
2008-12-02 20:23:37: Logger.cpp(275): Error: Impossible to get child process input (error 9: Descrittore di file non valido)
2008-12-02 20:23:37: Logger.cpp(275): Error: Impossible to get child process input (error 9: Descrittore di file non valido)
2008-12-02 20:23:46: Logger.cpp(275): Error: Impossible to get child process input (error 9: Descrittore di file non valido)
2008-12-02 20:23:49: Logger.cpp(275): Error: Impossible to get child process input (error 9: Descrittore di file non valido)
2008-12-02 20:23:49: Logger.cpp(275): Error: Impossible to get child process input (error 9: Descrittore di file non valido)
2008-12-02 20:23:49: Logger.cpp(275): Error: Impossible to get child process input (error 9: Descrittore di file non valido)
2008-12-02 20:23:49: Logger.cpp(275): Error: Impossible to get child process input (error 9: Descrittore di file non valido)

Problem at this exact minute: SystemTime was 20:24.

[manual closing follows here. No other events; no other lines removed]
2008-12-02 20:39:28: RoutingZone.cpp(326): Wrote 200 Kad contacts
2008-12-02 20:39:28: PartFile.cpp(1027): Saved 1 source seed for partfile: [omissis]
...
2008-12-02 20:39:28: PartFile.cpp(1027): Saved 10 source seeds for partfile: [omissis]
2008-12-02 20:39:28: Disconnected from eD2k
2008-12-02 20:39:28: Disconnected from Kad
Tags: No tags attached.
Fixed in Revision:
Operating System: Debian SID (i386)
Attached Files:

- Relationships

-  Notes
(0003058)
Wuischke (manager)
2009-01-17 22:30
edited on: 2009-01-17 22:37

Please give information about the event settings. They can be found in the Preferences -> Events.

There are only few occasions when aMule starts an external application:

a) start amuleweb on start up (has to be enabled by user)

b) when an event (for instance download completed) occurs, this, too, has to be enabled by the user and the command to execute can be set by the user.

Edit: Also, are external connections enabled?

I would like to thank you for this information - I have never thought about this and it has security implications I'm not very comfortable with. It is however difficult to resolve this and any attacker would need write access to the configuration file.

(0003068)
Effendi (reporter)
2009-01-21 23:52

> a) start amuleweb on start up (has to be enabled by user)

NOT enabled

> b) when an event (for instance download completed) occurs, this, too, has to be enabled by the user and the command to execute can be set by the user.

NOT enabled

> Edit: Also, are external connections enabled?

NOT enabled.

For information: there were no 'act on event' actions set at all. In every category.
Same for everything in the Debug section, and UPnP.


> I would like to thank you for this information - I have never thought about this and it has security implications I'm not very comfortable with. It is however difficult to resolve this and any attacker would need write access to the configuration file.

You are welcome.
If more info or tests are needed, feel free to ask. In private mail too.
(0003139)
Effendi (reporter)
2009-05-22 00:50

This sounds related to http://bugs.amule.org/view.php?id=1515

Also see http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=525078
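
The check the reporter describes (finding a zombie parented to aMule) can be scripted against /proc while the parent is still running. This is an added example, not part of the original report or of aMule's code; the process name `amule` is an assumption and the sample stat lines are constructed.

```python
import os

def parse_stat(line):
    """Parse a /proc/<pid>/stat line into (pid, comm, state, ppid).

    comm sits in parentheses and may contain spaces or ')', so split on
    the LAST ')' instead of on whitespace.
    """
    head, _, tail = line.rpartition(")")
    pid, _, comm = head.partition(" (")
    fields = tail.split()
    return int(pid), comm, fields[0], int(fields[1])

def read_proc(root="/proc"):
    """Snapshot every process; ones that exit mid-scan are skipped."""
    procs = []
    for entry in filter(str.isdigit, os.listdir(root)):
        try:
            with open(os.path.join(root, entry, "stat")) as fh:
                procs.append(parse_stat(fh.read()))
        except (OSError, ValueError, IndexError):
            continue
    return procs

def descendants(procs, parent_name="amule"):  # process name is an assumption
    """All processes below any process named parent_name, sorted by PID."""
    by_ppid = {}
    for proc in procs:
        by_ppid.setdefault(proc[3], []).append(proc)
    queue = [p[0] for p in procs if p[1] == parent_name]
    seen, found = set(queue), []
    while queue:
        for child in by_ppid.get(queue.pop(), []):
            if child[0] not in seen:
                seen.add(child[0])
                found.append(child)
                queue.append(child[0])
    return sorted(found)

def zombies(procs, parent_name="amule"):
    """Descendants in state Z: exited but not yet reaped by the parent."""
    return [p for p in descendants(procs, parent_name) if p[2] == "Z"]

# Constructed sample stat lines (truncated after ppid/pgrp), not from the report.
SAMPLE = [parse_stat(s) for s in (
    "4100 (amule) S 1 4100", "4200 (someapp) Z 4100 4100",
    "4300 (sh) S 4100 4100", "4301 (helper (x)) S 4300 4100",
    "5000 (bash) S 1 5000", "5001 (other) Z 5000 5000")]

if __name__ == "__main__":
    for pid, comm, state, ppid in descendants(read_proc()):
        print(pid, ppid, state, comm, "<-- zombie" if state == "Z" else "")
```

A zombie has already exited, so only its name, PID and parent remain in /proc; capture this before closing the parent, because the entry disappears once the parent reaps it or exits.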

- Issue History
Date Modified Username Field Change
2009-01-12 02:55 Effendi New Issue
2009-01-12 02:55 Effendi Operating System => Debian SID (i386)
2009-01-17 22:30 Wuischke Note Added: 0003058
2009-01-17 22:30 Wuischke Status new => feedback
2009-01-17 22:37 Wuischke Note Edited: 0003058
2009-01-21 23:52 Effendi Note Added: 0003068
2009-05-22 00:50 Effendi Note Added: 0003139

