On Fri, Feb 25, 2011 at 09:32:41PM +0100, Joachim Wiedorn wrote:
> Edgar Sippel <for.your.spam.o...@web.de> wrote on 2011-02-25 19:36:
>
> > |Warning: /etc/lilo.conf should be readable only for root if using PASSWORD
> >
> > When checking file permissions afterwards, I found the file being
> > world-readable:
> >
> > |blechtrottel:/etc# ls -l lilo.conf
> > |-rw-r--r-- 1 root root 4617 25. Feb 19:18 lilo.conf
> >
> > This makes the protection via PASSWORD completely useless - if any logged
> > in user can read
> > /etc/lilo.conf, he could also change boot parameters of the system, e.g.
> > booting his own OS.
>
> Thanks for your information. I will patch lilo and do the next upload in
> the next two weeks.
Hi Joachim,
does this affect the version of lilo in oldstable or stable?
Cheers,
Moritz
--
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
