Package: login Version: 1:4.0.3-30.9 Severity: wishlist Tags: patch Hi!
/bin/login is currently installed setuid root, which is absolutely not necessary and only a potential security threat. In Ubuntu we install it as 0755 for ages now without any problems. Trivial patch, but for the record: http://patches.ubuntu.com/patches/shadow.login-nosuid.diff Please consider making this change for Debian, too. Thanks, Martin -- Martin Pitt http://www.piware.de Ubuntu Developer http://www.ubuntulinux.org Debian GNU/Linux Developer http://www.debian.org
signature.asc
Description: Digital signature
