Hi Faidon!
> For future bug reports, please note that it's helpful to keep each issue
> in a separate bug report that can be responded to and fixed
> independently -- even if that means more bug reports for me to deal
> with! :)
Yes, perfectly understandable, I'll do that. Thanks for pointing it
Hi Faidon!
Just a quick note: it seems like the systemd on Debian 9.1 isn't affected by
the PID file flaw. At least a quick test seems to indicate it. However, don't
take my word for it, please try it yourself by changin the PID file of e. g.
radsecproxy.
Christian
--
Dipl.-Math. Christian
Hi Christian!
First off, thanks for the very detailed and constructive bug report!
For future bug reports, please note that it's helpful to keep each issue
in a separate bug report that can be responded to and fixed
independently -- even if that means more bug reports for me to deal
with! :)
On
Package: radsecproxy
Version: 1.6.9-1
First of all: thanks for providing this excellent package! :)
I'd like to address three topics:
(1) There's a flaw in some systemd versions that can be used for a DoS attack
if the PID file of a daemon is manipulated,
(2) radsecproxy shouldn't be run as
4 matches
Mail list logo