Bug#334616: yiff-server: runs as root and opens any file a client asks for

2005-10-25 Thread Phil Brooke
On Thu, 20 Oct 2005, Javier Fernández-Sanguino Peña wrote: > tags 334616 patch > thanks Many thanks for the patch. For today and tomorrow, I have intermittent access to my dev machine, so I've looked over the patch, applied it and just now uploaded it. I think that this will be wor

Processed: Re: Bug#334616: yiff-server: runs as root and opens any file a client asks for

2005-10-19 Thread Debian Bug Tracking System
Processing commands for [EMAIL PROTECTED]: > tags 334616 patch Bug#334616: yiff-server: runs as root and opens any file a client asks for Tags were: security Tags added: patch > thanks Stopping processing here. Please contact me if you need assistance. Debian bug tracking system adminis

Bug#334616: yiff-server: runs as root and opens any file a client asks for

2005-10-19 Thread Javier Fernández-Sanguino Peña
tags 334616 patch thanks On Wed, Oct 19, 2005 at 12:58:10PM +0100, Phil Brooke wrote: > > Those three points should fix the problem you've identified. > > I wouldn't worry about the other two bugs you filed -- I should be able to > tidy those up within a few weeks (I hope!). Attached is a patch

Bug#334616: yiff-server: runs as root and opens any file a client asks for

2005-10-19 Thread Phil Brooke
On Wed, 19 Oct 2005, Javier Fernández-Sanguino Peña wrote: > I don't have a patch available, but I could write one that: > > a) modifies the postinst/postrm to create a 'yiff' user (might need to belong > to the 'audio' group too) > b) modifies the init script to run yiff-serve

Bug#334616: yiff-server: runs as root and opens any file a client asks for

2005-10-19 Thread Javier Fernández-Sanguino Peña
On Wed, Oct 19, 2005 at 08:48:49AM +0100, Phil Brooke wrote: > > The yiff server, by default, will run as the root user, even though it > > only requires privileges to access the audio devices (/dev/dsp and > > /dev/mixer), no effort is made by the package to create a specific user > > and run the

Bug#334616: yiff-server: runs as root and opens any file a client asks for

2005-10-19 Thread Phil Brooke
> The yiff server, by default, will run as the root user, even though it > only requires privileges to access the audio devices (/dev/dsp and > /dev/mixer), no effort is made by the package to create a specific user > and run the server as such. > [...] I agree that this is badly broken. Thanks

Bug#334616: yiff-server: runs as root and opens any file a client asks for

2005-10-18 Thread Javier Fernandez-Sanguino Pen~a
Package: yiff-server Version: 2.14.2-7 Severity: critical Tags: security Justification: root security hole The yiff server, by default, will run as the root user, even though it only requires privileges to access the audio devices (/dev/dsp and /dev/mixer), no effort is made by the package to crea