The yiff server, by default, will run as the root user, even though it
only requires privileges to access the audio devices (/dev/dsp and
/dev/mixer), no effort is make by the package to create an specific user
and run the server as such.
[...]
I agree that this is badly broken. Thanks for
On Wed, Oct 19, 2005 at 08:48:49AM +0100, Phil Brooke wrote:
The yiff server, by default, will run as the root user, even though it
only requires privileges to access the audio devices (/dev/dsp and
/dev/mixer), no effort is make by the package to create an specific user
and run the server
Package: yiff-server
Version: 2.14.2-7
Severity: critical
Tags: security
Justification: root security hole
The yiff server, by default, will run as the root user, even though it
only requires privileges to access the audio devices (/dev/dsp and
/dev/mixer), no effort is make by the package to
3 matches
Mail list logo