Dear Debian BTS gurus,
A day or so ago, in connection with another bug (#295435), I discovered
the existence and use of [EMAIL PROTECTED] Out of curiosity, I
tried to set the severity of this bug to critical; to my amazement, this
worked; but then Manoj Srivastava set the severity back to
On Thu, Mar 24, 2005 at 07:11:18PM +1100, [EMAIL PROTECTED] wrote:
Dear Debian BTS gurus,
A day or so ago, in connection with another bug (#295435), I discovered
the existence and use of [EMAIL PROTECTED] Out of curiosity, I
tried to set the severity of this bug to critical; to my amazement,
Bill,
Thank you for the explanations.
One of the rules is that policy proposal are wishlist by definition.
Quite sensible: protect the policy-makers from blame and litigation.
I guess that the couple of normal bugs listed under
http://bugs.debian.org/cgi-bin/pkgreport.cgi?pkg=debian-policy
On Fri, Mar 25, 2005 at 06:37:14AM +1100, [EMAIL PROTECTED] wrote:
In no way installing the debian-policy package introduce a security
hole, causes serious data loss or makes unrelated software on the
system break.
Not the installation of the policy package, but the following of the
Some Googling turned up the following:
http://www.tldp.org/HOWTO/Path-12.html
Any of the important daemon processes should never execute anything that
some other user can write into. In some systems, /usr/local/bin is
allowed to contain programs with less strict security screening - it is
severity 299007 wishlist
reassign 299007 debian-policy
thanks
On Fri, 11 Mar 2005, Paul Szabo wrote:
Package: base-files
Version: 3.0.2
Severity: critical
Tags: patch security
Justification: root security hole
I recently noticed that /usr/local and /usr/local/{bin,sbin} are
Package: base-files
Version: 3.0.2
Severity: critical
Tags: patch security
Justification: root security hole
I recently noticed that /usr/local and /usr/local/{bin,sbin} are
group-writable and owned by root:staff. This is wrong: those directories
are in the default PATH for root. They (and files
7 matches
Mail list logo