On Fri, Feb 25, 2011 at 09:32:41PM +0100, Joachim Wiedorn wrote: > Edgar Sippel <for.your.spam.o...@web.de> wrote on 2011-02-25 19:36: > > > |Warning: /etc/lilo.conf should be readable only for root if using PASSWORD > > > > When checking file permissions afterwards, I found the file being > > world-readable: > > > > |blechtrottel:/etc# ls -l lilo.conf > > |-rw-r--r-- 1 root root 4617 25. Feb 19:18 lilo.conf > > > > This makes the protection via PASSWORD completely useless - if any logged > > in user can read > > /etc/lilo.conf, he could also change boot parameters of the system, e.g. > > booting his own OS. > > Thanks for your information. I will patch lilo and do the next upload in > the next two weeks.
Hi Joachim, does this affect the version of lilo in oldstable or stable? Cheers, Moritz -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org