[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#357561: privilege escalation hole



On Wed, Feb 28, 2007 at 07:45:28PM -0800, Russ Allbery wrote:
> I certainly agree that it would be good to fix the bug, but I also can see
> why the severity was downgraded.

I think Russ explained pretty nicely why this escalation is pretty rare
from being a true vulnerability, although there indeed is an attack
window if you do -F, forget about it, forget about the terminal (until
cron.daily where apache gets restarted by logrotate).

Anyway, from talking to Fabbione, NMU's are always welcome if someone
wants to properly test the patch such that it does what it claims it
does -- the idea behind the patch is ok in any case.

--Jeroen

-- 
Jeroen van Wolffelaar
Jeroen@wolffelaar.nl (also for Jabber & MSN; ICQ: 33944357)
http://Jeroen.A-Eskwadraat.nl



Reply to: