Olivier Berger wrote:
On Thu, Feb 19, 2009 at 05:12:30PM +0100, Olivier Berger wrote:
Package: sympa
Version: 5.3.4-6.1
Severity: normal
Hi.
I just upgraded one of my servers from etch to lenny and got :
[Thu Feb 19 17:05:34 2009] [error] [client xxx.xxx.xxx.xxx] Insecure $ENV{PATH} while
running setuid at /usr/lib/sympa/bin/Conf.pm line 295, <IN> line 37.
[Thu Feb 19 17:05:34 2009] [error] [client xxx.xxx.xxx.xxx] Insecure EXEC while
running setuid at /usr/lib/sympa/bin/Conf.pm line 295, <IN> line 37.
[Thu Feb 19 17:05:34 2009] [error] [client xxx.xxx.xxx.xxx] Insecure $ENV{PATH} while
running setuid at /usr/lib/sympa/bin/Conf.pm line 295, <IN> line 77.
[Thu Feb 19 17:05:34 2009] [error] [client xxx.xxx.xxx.xxx] Insecure EXEC while
running setuid at /usr/lib/sympa/bin/Conf.pm line 295, <IN> line 77.
in the apache logs.
Dunno what's wrong actually :(
OK, found :
# grep /bin/cat /etc/sympa/sympa.conf
syslog `/bin/cat /etc/sympa/facility`
cookie `/bin/cat /etc/sympa/cookie`
... OK, I can patch that, then.
But that doesn't help fix that for good.
Sympa configuration really needs "include".
Regards
Racke
--
LinuXia Systems => http://www.linuxia.de/
Expert Interchange Consulting and System Administration
ICDEVGROUP => http://www.icdevgroup.org/
Interchange Development Team
--
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
