[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#340981: debian-installer and world writable directories

Martin Schulze wrote:
> What would be the proper fix to this?  Does only fixing base-config make
> the bug go away for both new installations and existing installations?
> On my machines base-config seems to be purged, on some others it has
> status rc, which is not better either.

I'm sorry, I had misremembered the status of base-config in sarge and
the log files. It does not delete /var/log/debian-installer/ on purge.

So adding some code in base-config to fix the permissions won't work as
it can be manually removed and the log files will still be there. An
advisory would have to include a chmod command to fix them, or would
have to put the fix in some package other than base-config, or instruct
the user to install base-config. Only putting the fix in some other
commonly installed package would work for people who update but don't
actually read security advisories, if you care about them.

Patching the prebaseconfig udeb is the best way to save newly installed
systems from the issue. There's no need to fix genext2fs.

see shy jo

Attachment: signature.asc
Description: Digital signature

Reply to: