Package: libpam-modules
Version: 0.79-4
Severity: grave
adding "session required pam_limits.so" to /etc/pam.d/login results in
limits beeing taken ONLY from /etc/security/limits.conf - all default values
are flushed.
PROBLEMS
1) This is a minor security issue because the default configuratio
>I doubt that this is a serious problem
[...]
>Right, problems should be minimized if possible.
Anyway, I think we can agree it should be fixed (whether it is "serious" or
not).
Just for the sake of argument:
according to debian policy it is "serious", see
1) http://www.debian.org/Bugs/Develope
Package: gnupg
Version: 1.4.6-2
Severity: serious
gnupg binary is setuid root.
"ls -l /usr/bin/gpg
-rwsr-xr-x 1 root root 837304 2007-03-07 23:16 /usr/bin/gpg"
PROBLEMS
1) bugs in gnupg will potentially allow for rights-escalation by restricted
users
2) Setuid flag was necessary for backwards-
3 matches
Mail list logo