On Thu, Dec 01, 2005 at 11:34:15AM +0100, Martin Schulze wrote: > Thanks for your report, but I'd rather consider this a > if-use-user-wants-to-shoot-in-both-feet-they-should error. Why would > anybody would want to run dpkg-source inside a fakerooted shell? > You can't exploit root or another user, but only leave an exploit > for your own directory.
Oh, I need get back on reading what execute bit means for directories. Sorry about this noice. For normal users within HOME which is not executable this not an problem even though I have run 'fakeroot apt-get source -b rssh' multiple times without checking that umask is obeyed. But running apt-get source or dpkg-source with fakeroot or as root in a world executable directory is a problem. Perhaps not worth an advisory though. Isn't default umask 022 in sarge? Then this is might again be worth an advisory, or not if users are expected to know about file and directory permissions. -Mikko -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
