
Bug#298060: (forw) Bug#298060: Please don't install login as setuid root



debian-release@lists.debian.org
Cc:	298060-submitter@bugs.debian.org
Bcc: 
Subject: Re: Bug#298060: (forw) Bug#298060: Please don't install login as setuid root
Reply-To: 
In-Reply-To: <20050307181816.GW5330@finlandia.infodrom.north.de>
X-message-flag: Outlook is a good virus spreading tool. It can send mail, too.
X-pot_a_miel: honeypot@kheops.frmug.org

Quoting Martin Schulze (joey@infodrom.org):

> When no code needs to be changed but only the suid bit dropped
> and login still works as expected, I don't see a reason not to
> drop the setuid bit, even the contrary, I wonder why it is setuid
> root in the first place.


Well, should I take this as the official Security Team advice?

If so, the conclusion would be: the Security Team is OK for the
change while the Release Team is not really pushing it... which would
then draw the conclusion for me: delay the change as the priority now
is to release.

I could for sure upload something changed to experimental. But, well,
I simply don't feel I have the resources for handling two branches for
shadow at this moment.






