[Secure-testing-team] Les Dunes de Chgaga le Lac d'Iriki

http://www.facebook.com/pages/COMFORT-PLUS-MAROC/205160302857448 ___ Secure-testing-team mailing list Secure-testing-team@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-team

[Secure-testing-team] Bug#637618: dtc-common: giving sudo access to chrootuid is giving access to root

Package: dtc-common Severity: critical Tags: security Justification: root security hole the install script gives sudo access to the dtc user (the user that is running apache) unrestricted access to chrootuid, which essentially gives root access to the dtc account: root@testdtc:/var/lib/dtc/etc#