Control: tags -1 + pending
On 05/29/2015 12:05 AM, Christoph Anton Mitterer wrote:
As already explicitly stated in the original report, this fix should not
only be applied for new installations but also for existing ones.
I added ca-certificates package upgrade handling of setting ownership
Control: reopen -1
As already explicitly stated in the original report, this fix should not
only be applied for new installations but also for existing ones.
Otherwise millions of existing Debian installation will keep the lax
permissions forever.
Apparently, this is however not the case :(
And I just noted, that apparently you simply set the permissions based
on the /usr/local permissions and ownership, which means that the whole
issue isn't fixed at all, and any installation (per default all) which
use :staff as owner would still allow any user in that group to add
system wide
Control: tags -1 + pending
http://anonscm.debian.org/cgit/collab-maint/ca-certificates.git/commit/?id=a1a33ae5e155d2be5b17912ea060953f5cba9845
--
Kind regards,
Michael
--
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact
On Sun, Jan 30, 2011 at 03:35:05AM +0100, Christoph Anton Mitterer wrote:
Files in /usr/local/share/ca-certificates/ are installed as system wide
certificates, thus even affecting root (e.g. if he or the system security
depends on a secure /etc/ssl/certs)
This directory is however owned by
Hi,
On Sonntag, 30. Januar 2011, Christoph Anton Mitterer wrote:
Files in /usr/local/share/ca-certificates/ are installed as system wide
I hope the package doesn't create that directory, actually.
And then, certificates should probably be stored in /etc too.
cheers,
Holger
On Sun, 2011-01-30 at 10:53 +0100, Philipp Kern wrote:
This is [1]. Do you have an indication for me that such a transition plan
exists? I.e. did it happen for /usr/local/bin and such?
Doesn't seem so,.. although most people voted for it, as far as I can
see.
Cheers,
Chris.
smime.p7s
On Sun, 2011-01-30 at 10:54 +0100, Holger Levsen wrote:
I hope the package doesn't create that directory, actually.
It does.
And then, certificates should probably be stored in /etc too.
This is debatable,... one could say certificates are configuration,..
but one could also they, the certs
Package: ca-certificates
Version: 20090814+nmu2
Severity: important
Tags: security
Hi.
Files in /usr/local/share/ca-certificates/ are installed as system wide
certificates, thus even affecting root (e.g. if he or the system security
depends on a secure /etc/ssl/certs)
This directory is however
9 matches
Mail list logo
