On Sat, Dec 15, 2012 at 05:35:07PM -0800, snailbox88-...@yahoo.com wrote: > On Sat, 15 Dec 2012 17:27:02 +0100, bill.allomb...@math.u-bordeaux1.fr wrote: > > > > > There is still the possibility that it is a bug in GSmartControl. > > What kind of file is it writting ? > > It writes its configuration in the user's ~/.config/gsmartcontrol with root > permissions > before the patched su-to-root.
And after the fix, what does it do ? > I don't know if you read my follow-up observation before, but prior to this > patch, > the binaries/scripts that are only affected by the undesired behavior are > those originating > from /usr/bin, such as /usr/bin/gsmartcontrol. Synaptics, for example, is not > unaffected and > resides inside /usr/sbin. This suggest that software in /usr/sbin are aware of the $HOME problem and do the right thing, but not gsmartcontrol. By the way, if gsmartcontrol need to run as root, why is it not in /usr/sbin ? > > but it is not clear it is safe to do so for su. > > I would like to know why is it not safe for su, just to stay informed of > possible > security implications of this changed behavior. This is not a security implication, but rather that it is likely to recreate the problems in bugs #246886 and #150314 on some systems. Cheers, -- Bill. <ballo...@debian.org> Imagine a large red swirl here. -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
