Hi,
On 18/10/2021 21:55, Axel Beckert wrote:
Hi again,
Christoph Zechner wrote:
Severity: critical
This is clearly not "critical". Myon already fixed that.
Apologies for that, I was not sure how to classify it, but since it was
a security-related issue, I thought it was appropriate.
Justification: root security hole
It is also no root security hole. It gives you access to the xymon
user only. (If the admin configured the xymon user to be able to use
sudo, that's another problem.)
That's true, reportbug stated "introduces a security hole allowing
access to root (or another privileged system account), or data normally
accessible only such accounts" and since xymon automatically creates a
few sudoers entries for its plugins, I thought it best to use this.
Sorry if that was a little over-zealous. :-/
Cheers
Christoph
Regards, Axel
