Le mercredi 04 février 2009 à 19:49 +0100, Josselin Mouette a écrit : > 1) The security issue (#514110) leading to a user being able to control > root’s terminal (and other applications). This is a bug in ORBit2 for > which I have a patch. The corresponding NMU is attached; I’ll upload it > in one or two days if there are no objections. > > For the security team: we should get this fixed in lenny and maybe in > etch with a point release, but I don’t think this warrants a DSA. Maybe > this warrants a CVE regardless, I’m not sure.
And now upstream claims this is purely intentional and necessary for having a11y features in applications run as root. I throw in the towel. Please, anyone, do whatever you want with this bug. Maybe we should just drop every kind of GUI root access, including su, and let root only login through the console. -- .''`. : :' : We are debian.org. Lower your prices, surrender your code. `. `' We will add your hardware and software distinctiveness to `- our own. Resistance is futile.
signature.asc
Description: Ceci est une partie de message numériquement signée
