Bug 166155 - ckermit cannot open lock file in /var/lock
ckermit cannot open lock file in /var/lock
Product: Fedora
Classification: Fedora
Component: ckermit (Show other bugs)
i386 Linux
medium Severity medium
: ---
: ---
Assigned To: Peter Vrabec
Depends On:
  Show dependency treegraph
Reported: 2005-08-17 11:55 EDT by Steve Falco
Modified: 2007-11-30 17:11 EST (History)
0 users

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2005-09-05 08:37:36 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)
The spec file patch (1.04 KB, patch)
2005-08-17 11:57 EDT, Steve Falco
no flags Details | Diff
The makefile patch (612 bytes, patch)
2005-08-17 11:57 EDT, Steve Falco
no flags Details | Diff

  None (edit)
Description Steve Falco 2005-08-17 11:55:46 EDT
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.10) Gecko/20050720 Fedora/1.0.6-1.1.fc4 Firefox/1.0.6

Description of problem:
ckermit tries to open a lock file for /dev/ttyS0 in /var/lock.  However, this is wrong for two reasons.  First, ckermit doesn't have write permission in /var/lock, and second, uucp opens its lock files in /var/lock/uucp.

Kermit is also unable to open /dev/ttyS0, because by default that device is owned by root.uucp with mode 660.

I have patched the .spec and makefile to correct these problems.

Version-Release number of selected component (if applicable):

How reproducible:

Steps to Reproduce:
1.start ckermit
2.set line /dev/ttyS0

Actual Results:  I get the error message:

C-Kermit>set line /dev/ttyS0
Sorry, write access to UUCP lockfile directory denied.

Expected Results:  kermit should have successfully opened a lock file in /var/lock/uucp.

Additional info:

Here is a patch to the spec file:

--- /usr/src/redhat/SPECS/ckermit.spec  2005-08-01 05:23:12.000000000 -0400
+++ ckermit.spec        2005-08-17 11:36:13.000000000 -0400
@@ -1,7 +1,7 @@
 Summary: The quintessential all-purpose communications program
 Name: ckermit
 Version: 8.0.211
-Release: 2.FC4
+Release: 2.FC4.saf
 License: Special (see COPYING.TXT.gz)
 Group: Applications/Communications
 Source0: ftp://kermit.columbia.edu/kermit/archives/cku211.tar.gz
@@ -13,6 +13,7 @@
 Source10: ckermit.ini
 Source11: ckuker.nr
 Patch0: ckermit-8.0.209-gcc4.patch
+Patch1: ckermit.lock.patch
 URL: http://www.columbia.edu/kermit/
 BuildRequires: pam-devel
 BuildRequires: pkgconfig
@@ -35,6 +36,7 @@
 %setup -q -c
 %patch0 -p1 -b .gcc4
+%patch1 -p1 -b .lock

 # XXX Swipe files from cku206, remove when added to cku208 tarball.
 cp %{SOURCE10} .
@@ -75,7 +77,7 @@
 %doc *.gz
 %dir %{_sysconfdir}/kermit
 %config(noreplace) %verify(not size mtime md5) %{_sysconfdir}/kermit/*
-%attr(755, root, root) %{_bindir}/kermit
+%attr(6555, uucp, uucp) %{_bindir}/kermit


Here is a patch to the makefile:

--- ckermit-8.0.211/makefile.orig       2005-08-17 11:06:37.000000000 -0400
+++ ckermit-8.0.211/makefile    2005-08-17 11:07:50.000000000 -0400
@@ -5994,6 +5994,7 @@
        @echo 'Making C-Kermit $(CKVER) for Linux on i386 with KRB,SRP,SSL...'
        $(MAKE) xermit KTARGET=$${KTARGET:-$(@)} "CC = gcc" "CC2 = gcc" \
        "CFLAGS = -g -O -funsigned-char -pipe -DPOSIX -DLINUX -DNOCOTFMC \
+       -DLOCK_DIR=\\\"/var/lock/uucp\\\" \

Basically, these patches change the lock file location, and change the owner/group/mode of the executable to give it the same permissions as enjoyed by uucico.
Comment 1 Steve Falco 2005-08-17 11:57:14 EDT
Created attachment 117841 [details]
The spec file patch
Comment 2 Steve Falco 2005-08-17 11:57:50 EDT
Created attachment 117842 [details]
The makefile patch
Comment 3 Peter Vrabec 2005-08-31 05:08:16 EDT

but I think I have better solution:
1, I add -DHAVE_BAUDBOY to KFLAGS in ckermit.spec
   (but lockdev package have to be fixed before I build new release)
2, user must be in uucp group to do "set line /dev/ttyS0"


Comment 5 Steve Falco 2005-08-31 08:59:02 EDT
Agreed - baudboy.h is a better soln. for the basic locking mechanism.  I assume
that your intent is to have all packages that need serial ports to use baudboy.h

At my location, I will probably "chgrp uucp kermit", and "chmod g+s kermit" so
that my users don't have to be in the uucp group.  Hopefully, that will work
given your fix.

Basically, we only use the serial ports to talk to the embedded HW that we build
here.  So, we have no security constraints on our serial ports.  I understand
that other sites look at this differently :-)

I agree that the default should be highly secure, as long as folks like me can
turn security off if that is more appropriate to the local environment.

Comment 6 Peter Vrabec 2005-09-05 08:37:36 EDT
fixed in fc4 and devel.

Note You need to log in before you can comment on or make changes to this bug.