ID | Project | Category | View Status | Date Submitted | Last Update
0001475 | aMule | Misc | public | 2009-01-12 02:55 | 2009-05-22 00:50
Reporter | Effendi
Assigned To |
Priority | normal | Severity | major | Reproducibility | have not tried
Status | feedback | Resolution | open
Platform | OS | OS Version |
Product Version | 2.2.2
Target Version | Fixed in Version |
Summary | 0001475: Possible security violation. (got a shell?)
Description | An application opened in a user's X desktop (non Root); he instinctively immediately closed it. A bit later, suspecting something strange, we investigated and found a zombie for that application as a child of aMule! aMule was still active and working, and we manually closed it using the normal Close button. aMule and the child zombie disappeared. The application was already installed, but unused since the boot of the machine. Now still apparently working fine. Both eD2K and KAD active. High ID for both. See enclosed Log. (Omitted parts are apparently regular)
Additional Information |
2008-12-02 15:38:36: amuleDlg.cpp(213): - This is aMule 2.2.2 using wxGTK2 v2.8.7 based on eMule.
2008-12-02 15:38:36: amuleDlg.cpp(215): Running on Linux 2.6.26-1-686 i686
...
2008-12-02 20:11:15: Logger.cpp(275): Warning: Mailcap file /etc/mailcap, line 266: incomplete entry ignored.
2008-12-02 20:11:15: Logger.cpp(275): Warning: Mailcap file /etc/mailcap, line 267: incomplete entry ignored.
2008-12-02 20:11:15: Logger.cpp(275): Warning: Mailcap file /etc/mailcap, line 268: incomplete entry ignored.
...
2008-12-02 20:23:37: Logger.cpp(275): Error: Impossible to get child process input (error 9: Descrittore di file non valido)
2008-12-02 20:23:37: Logger.cpp(275): Error: Impossible to get child process input (error 9: Descrittore di file non valido)
2008-12-02 20:23:46: Logger.cpp(275): Error: Impossible to get child process input (error 9: Descrittore di file non valido)
2008-12-02 20:23:49: Logger.cpp(275): Error: Impossible to get child process input (error 9: Descrittore di file non valido)
2008-12-02 20:23:49: Logger.cpp(275): Error: Impossible to get child process input (error 9: Descrittore di file non valido)
2008-12-02 20:23:49: Logger.cpp(275): Error: Impossible to get child process input (error 9: Descrittore di file non valido)
2008-12-02 20:23:49: Logger.cpp(275): Error: Impossible to get child process input (error 9: Descrittore di file non valido)
Problem at this exact minute: SystemTime was 20:24.
[manual closing follows here. No other events; no other lines removed]
2008-12-02 20:39:28: RoutingZone.cpp(326): Wrote 200 Kad contacts
2008-12-02 20:39:28: PartFile.cpp(1027): Saved 1 source seed for partfile: [omissis]
...
2008-12-02 20:39:28: PartFile.cpp(1027): Saved 10 source seeds for partfile: [omissis]
2008-12-02 20:39:28: Disconnected from eD2k
2008-12-02 20:39:28: Disconnected from Kad
Tags | No tags attached.
Fixed in Revision |
Operating System | Debian SID (i386)
Attached Files |
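One way to check which processes a running aMule has spawned and whether any are unreaped zombies, as in the report above. This is an added example, not part of the original report or of aMule's code; it assumes Linux `/proc`, and the PIDs and process names in `SAMPLE` are constructed.

```python
import os

def parse_stat(line):
    """Parse a /proc/<pid>/stat line into (pid, comm, state, ppid).

    comm sits in parentheses and may itself contain spaces or ')',
    so the fields after it are located from the LAST ')'.
    """
    lpar, rpar = line.index("("), line.rindex(")")
    rest = line[rpar + 1:].split()
    return int(line[:lpar]), line[lpar + 1:rpar], rest[0], int(rest[1])

def children_of(parent_pid, stat_lines):
    """Return sorted [(pid, comm, state)] for direct children of parent_pid."""
    found = []
    for line in stat_lines:
        try:
            pid, comm, state, ppid = parse_stat(line)
        except (ValueError, IndexError):
            continue  # truncated or malformed entry
        if ppid == parent_pid:
            found.append((pid, comm, state))
    return sorted(found)

def zombies_of(parent_pid, stat_lines):
    """Children that have exited but were never reaped by the parent (state Z)."""
    return [(p, c) for p, c, s in children_of(parent_pid, stat_lines) if s == "Z"]

def live_stat_lines(proc="/proc"):
    """Read every /proc/<pid>/stat on a live Linux system."""
    lines = []
    for name in os.listdir(proc):
        if name.isdigit():
            try:
                with open(os.path.join(proc, name, "stat"), errors="replace") as fh:
                    lines.append(fh.read())
            except OSError:
                continue  # process exited while we were scanning
    return lines

# Constructed sample (PIDs and names are made up, fields after ppid shortened).
SAMPLE = [
    "4101 (amule) S 1 4101 4101 0 -1",
    "4188 (some app) Z 4101 4101 4101 0 -1",
    "4190 (odd) name) S 4101 4101 4101 0 -1",
    "4200 (bash) S 3000 4200 4200 0 -1",
]

if __name__ == "__main__":
    for pid, comm, state in children_of(4101, SAMPLE):
        print(pid, comm, state)
```

On a live system, pass `live_stat_lines()` and the aMule PID in place of `SAMPLE` and `4101`.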
Notes
(0003058) Wuischke (manager) 2009-01-17 22:30 edited on: 2009-01-17 22:37
Please give information about the event settings. They can be found in Preferences -> Events.

There are only a few occasions when aMule starts an external application:
a) start amuleweb on start up (has to be enabled by user)
b) when an event (for instance download completed) occurs, this, too, has to be enabled by the user and the command to execute can be set by the user.

Edit: Also, are external connections enabled?

I would like to thank you for this information - I have never thought about this and it has security implications I'm not very comfortable with. It is however difficult to resolve this and any attacker would need write access to the configuration file.
(0003068) Effendi (reporter) 2009-01-21 23:52
> a) start amuleweb on start up (has to be enabled by user)
NOT enabled
> b) when an event (for instance download completed) occurs, this, too, has to be enabled by the user and the command to execute can be set by the user.
NOT enabled
> Edit: Also, are external connections enabled?
NOT enabled.

For information: there were no 'act on event' actions set at all. In every category. Same for everything in the Debug section, and UPnP.

> I would like to thank you for this information - I have never thought about this and it has security implications I'm not very comfortable with. It is however difficult to resolve this and any attacker would need write access to the configuration file.
You are welcome. If more info or tests are needed, feel free to ask. In private mail too.
(0003139) Effendi (reporter) 2009-05-22 00:50
This sounds related to http://bugs.amule.org/view.php?id=1515
Also see http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=525078
Issue History
Date Modified | Username | Field | Change
2009-01-12 02:55 | Effendi | New Issue |
2009-01-12 02:55 | Effendi | Operating System | => Debian SID (i386)
2009-01-17 22:30 | Wuischke | Note Added: 0003058 |
2009-01-17 22:30 | Wuischke | Status | new => feedback
2009-01-17 22:37 | Wuischke | Note Edited: 0003058 |
2009-01-21 23:52 | Effendi | Note Added: 0003068 |
2009-05-22 00:50 | Effendi | Note Added: 0003139 |