On Thu, 20 Oct 2005, Javier Fernández-Sanguino Peña wrote:
> tags 334616 patch
> thanks
Many thanks for the patch. For today and tomorrow, I have intermittent
access to my dev machine, so I've looked over the patch, applied it and
just now uploaded it.
I think that this will be wor
Processing commands for [EMAIL PROTECTED]:
> tags 334616 patch
Bug#334616: yiff-server: runs as root and opens any file a client asks for
Tags were: security
Tags added: patch
> thanks
Stopping processing here.
Please contact me if you need assistance.
Debian bug tracking system adminis
tags 334616 patch
thanks
On Wed, Oct 19, 2005 at 12:58:10PM +0100, Phil Brooke wrote:
>
> Those three points should fix the problem you've identified.
>
> I wouldn't worry about the other two bugs you filed -- I should be able to
> tidy those up within a few weeks (I hope!).
Attached is a patch
On Wed, 19 Oct 2005, Javier Fernández-Sanguino Peña wrote:
> I don't have a patch available, but I could write one that:
>
> a) modifies the postinst/postrm to create a 'yiff' user (might need to belong
>    to the 'audio' group too)
> b) modifies the init script to run yiff-serve
On Wed, Oct 19, 2005 at 08:48:49AM +0100, Phil Brooke wrote:
> > The yiff server, by default, will run as the root user, even though it
> > only requires privileges to access the audio devices (/dev/dsp and
> > /dev/mixer), no effort is made by the package to create a specific user
> > and run the
> The yiff server, by default, will run as the root user, even though it
> only requires privileges to access the audio devices (/dev/dsp and
> /dev/mixer), no effort is made by the package to create a specific user
> and run the server as such.
> [...]
I agree that this is badly broken. Thanks
Package: yiff-server
Version: 2.14.2-7
Severity: critical
Tags: security
Justification: root security hole
The yiff server, by default, will run as the root user, even though it
only requires privileges to access the audio devices (/dev/dsp and
/dev/mixer), no effort is made by the package to crea