Re: UDD bugs stale?

To: debian-debbugs@lists.debian.org
Subject: Re: UDD bugs stale?
From: Don Armstrong <don@debian.org>
Date: Mon, 19 Mar 2012 12:12:38 -0700
Message-id: <[🔎] 20120319191238.GQ18422@rzlab.ucr.edu>
Mail-followup-to: debian-debbugs@lists.debian.org
In-reply-to: <[🔎] 20120319183843.GA14183@xanadu.blop.info>
References: <20120318122407.GZ19150@belanna.comodo.priv.at> <20120318151632.GA17998@xanadu.blop.info> <20120318155417.GC19150@belanna.comodo.priv.at> <[🔎] 20120318161103.GA21701@xanadu.blop.info> <[🔎] 20120319182045.GO18422@rzlab.ucr.edu> <[🔎] 20120319183843.GA14183@xanadu.blop.info>

On Mon, 19 Mar 2012, Lucas Nussbaum wrote:
> I kind-of fail to see the point. If I run a script as user 'lucas',
> I of course expect it to be run as user 'lucas', and I need to trust
> the code to some level. How is that different with debbugs ?

It's only different with the configuration file when
DEBBUGS_CONFIG_FILE is set. If the configuration file is installed in
/etc/debbugs/config, it doesn't check for the UID to match.

The main idea was to avoid YA environmental variable that could be
used as a means to execute code that hadn't been checked previously...
and honestly, I didn't expect anyone to be using it to run a
configuration file stored in an arbitrary location. [I primarily
intended it to be used during testing.]

Don Armstrong

-- 
Taxes are not levied for the benefit of the taxed.
 -- Robert Heinlein _Time Enough For Love_ p250

http://www.donarmstrong.com              http://rzlab.ucr.edu

Reply to:

Follow-Ups:
- Re: UDD bugs stale?
  - From: Lucas Nussbaum <lucas@debian.org>

References:
- Re: UDD bugs stale?
  - From: Lucas Nussbaum <lucas@debian.org>
- Re: UDD bugs stale?
  - From: Don Armstrong <don@debian.org>
- Re: UDD bugs stale?
  - From: Lucas Nussbaum <lucas@debian.org>

Prev by Date: Re: UDD bugs stale?
Next by Date: Re: UDD bugs stale?
Previous by thread: Re: UDD bugs stale?
Next by thread: Re: UDD bugs stale?
Index(es):
- Date
- Thread