On Mon 2018-02-05 17:55:27 +0100, Raphael Hertzog wrote:
> I'm not quite sure of what colord is vulnerable. #889060 assumes the
> attacker can create arbitrary hardlinks as the "colord" user in
> /var/lib/colord. I don't know colord enough to know if that's the case
> and why that would be the case
Hi,
On Fri, 02 Feb 2018, Chris Lamb wrote:
> > In my case, I remember having touched many packages with dedicated
> > users created and I expect this tag to have a very high false positive
> > ratio
>
> Can you make this more concrete? (Or, perhaps, why is colord
> vulnerable but your particular
[Splitting thread]
> In my case, I remember having touched many packages with dedicated
> users created and I expect this tag to have a very high false positive
> ratio
Can you make this more concrete? (Or, perhaps, why is colord
vulnerable but your particular package is not..?)
Regards,
--
Hi Raphael,
> Consensus? Has there been a broader discussion on this topic that I
> missed?
Chatter on #debian-devel mostly.
> You could have a checklist
I follow a checklist internally but, as I implied in my previous mail,
using this particular tag is a poor example/representation. :)
A quic
Hi,
On Fri, 02 Feb 2018, Chris Lamb wrote:
> > you do not suggest any alternative (how do I fix change
> > permissions/ownership securely?)
>
> Indeed, as the consensus is still not clear at this point. Do you
> have any suggestions for such a text?
Consensus? Has there been a broader discussion
Raphael,
> you do not suggest any alternative (how do I fix change
> permissions/ownership securely?)
Indeed, as the consensus is still not clear at this point. Do you
have any suggestions for such a text?
> Please try to be a bit more restrictive in what new tags you are
> accepting.
You seem
Hi,
On Thu, 01 Feb 2018, Daniel Kahn Gillmor wrote:
> "chown -R" and "chmod -R" are very hard to use safely
Why?
> some debian maintainer scripts might be tempted to use them to adjust
> file ownership to specific users. however, those scripts are
> vulnerable to attack on kernels that do not
tags 889066 + pending
thanks
Fixed in Git, pending upload:
https://anonscm.debian.org/git/lintian/lintian.git/commit/?id=e46b47690c6018847c48e05d2162562f16bb87e6
Regards,
--
,''`.
: :' : Chris Lamb
`. `'` la...@debian.org / chris-lamb.co.uk
`-
Package: lintian
Version: 2.5.72
Severity: wishlist
"chown -R" and "chmod -R" are very hard to use safely, and very
tempting as a sledgehammer to "just make the permissions be what i
want them to be".
some debian maintainer scripts might be tempted to use them to adjust
file ownership to specific