On Wed, 07.07.10 19:08, Joey Hess (jo...@debian.org) wrote:
> Lennart Poettering wrote:
> > PID files are simply broken. We probably shouldn't use them anyway, and
> > alway rely on the bus name instead.
>
> And the current situation is that, in Debian, avahi currently uses a pid
> file without e
Michael Biebl wrote:
> given Lennarts explanations, are you ok with closing the bug report or do see
> a
> point in keeping it open?
Since one of my pet frustrations is random people pushing their pet
change with some mantra like "security in depth" -- I don't feel that
it's my place to make that
On 04.05.2010 11:40, Lennart Poettering wrote:
> On Tue, 04.05.10 01:30, Joey Hess (jo...@debian.org) wrote:
>
>> Package: avahi-daemon
>> Version: 0.6.25-3
>> Severity: normal
>> Tags; security
>>
>> /var/run/avahi-daemon/pid is writable by the avahi user. Suppose this
>> user is compromised. If
On Tue, 04.05.10 01:30, Joey Hess (jo...@debian.org) wrote:
> Package: avahi-daemon
> Version: 0.6.25-3
> Severity: normal
> Tags; security
>
> /var/run/avahi-daemon/pid is writable by the avahi user. Suppose this
> user is compromised. If the pid is overwritten with a different process
> id, suc
Package: avahi-daemon
Version: 0.6.25-3
Severity: normal
Tags; security
/var/run/avahi-daemon/pid is writable by the avahi user. Suppose this
user is compromised. If the pid is overwritten with a different process
id, such as 1, /etc/init.d/avahi-daemon stop will go ahead and kill
that.
start-sto
5 matches
Mail list logo