Bug#4331: security alert (tar & anon ftp)
... so may I close this bug report, as one could assume, that nobody
puts a tar binary in the SITE EXEC directory (is currently
~ftp/usr/bin/ftpexec for anon ftp and /usr/bin/ftpexec for
real users).
Or should we really patch tar? And release the wu-ftpd package
with its own tar, its own gzip, its own ls (all statically
linked?)?
Heiko
--
email : heiko@lotte.sax.de heiko@debian.org heiko@sax.de
pgp : A1 7D F6 7B 69 73 48 35 E1 DE 21 A7 A8 9A 77 92
finger: heiko@sax.sax.de heiko@master.debian.org
--
TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word "unsubscribe" to
debian-devel-REQUEST@lists.debian.org . Trouble? e-mail to Bruce@Pixar.com
Reply to: