On Tue, Sep 20, 2005 at 11:05:10AM +1000, Paul Szabo wrote:
> >> gnome-pty-helper can be made to write utmp/wtmp records with arbitrary
> >> DISPLAY (host) settings. I am not sure if it can be tricked into erasing
> >> existing records.

> > Why is this filed at severity: critical? What is the attack vector here
> > which permits root privilege escalation?

> I do not know any root escalation methods. When using reportbug, those
> options seemed to fit best, apologies if they were not; please change if
> appropriate. (For future reference: which options should I have used
> instead?)

Hmm... After rereading the definition at
<http://www.debian.org/Bugs/Developer#severities>, I guess there's no reason
for this bug to not fall under the description of 'critical', since the
security hole is present just from the installation of the package.

Cheers,
-- 
Steve Langasek                   Give me a lever long enough and a Free OS
Debian Developer                   to set it on, and I can move the world.
[EMAIL PROTECTED]                                   http://www.debian.org/