Package: base Severity: critical Tags: security Justification: root security hole
made a file write protected. See this: katzes:/etc# ls -al resolv.conf -r--r--r-- 1 root root 51 2007-05-21 11:39 resolv.conf It has this content: GNU nano 2.0.2 Datei: resolv.conf nameserver 194.97.173.125 nameserver 192.168.1.254 Then I changed the content: GNU nano 2.0.2 Datei: resolv.conf nameserver 194.97.173.125 nameserver 192.168.1.254 #comment [ 3 Zeilen geschrieben ] ("3 Zeilen geschrieben" means "3 lines written") The file was changed allthough it is still read only: katzes:/etc# ls -al resolv.conf -r--r--r-- 1 root root 60 2007-05-21 11:42 resolv.conf This is bad. A write protected file should not be writable, under no circumstances! :quit _:quit :quit -- System Information: Debian Release: 4.0 APT prefers stable APT policy: (500, 'stable') Architecture: i386 (i686) Shell: /bin/sh linked to /bin/bash Kernel: Linux 2.6.8-3-k7 Locale: [EMAIL PROTECTED], [EMAIL PROTECTED] (charmap=ISO-8859-15) -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]