subject:"Bug#334616\: yiff\-server\: runs as root and opens any file a client asks for"

Bug#334616: yiff-server: runs as root and opens any file a client asks for

2005-10-19 Thread Phil Brooke

The yiff server, by default, will run as the root user, even though it only requires privileges to access the audio devices (/dev/dsp and /dev/mixer), no effort is make by the package to create an specific user and run the server as such. [...] I agree that this is badly broken. Thanks for

Bug#334616: yiff-server: runs as root and opens any file a client asks for

2005-10-19 Thread Javier Fernández-Sanguino Peña

On Wed, Oct 19, 2005 at 08:48:49AM +0100, Phil Brooke wrote: The yiff server, by default, will run as the root user, even though it only requires privileges to access the audio devices (/dev/dsp and /dev/mixer), no effort is make by the package to create an specific user and run the server

Bug#334616: yiff-server: runs as root and opens any file a client asks for

2005-10-18 Thread Javier Fernandez-Sanguino Pen~a

Package: yiff-server Version: 2.14.2-7 Severity: critical Tags: security Justification: root security hole The yiff server, by default, will run as the root user, even though it only requires privileges to access the audio devices (/dev/dsp and /dev/mixer), no effort is make by the package to