IRCd security issues
I just released the IRCD with the fixed UID/GID.
IRCD is one other piece of software that I suspect is suffering from the
Chronic Security Hole Disorder. Its running under its own UID/GID for
security reasons but seems still to be able to compromise security by
eventually allowing Read access to system files.
I dont allow IRCD in our secure environment but only run it in the Danger
Zone on our Shell Server.
Could we perhaps have a section for those Packages? As far as I
understood the discussion any package must be securely work in the most
sensitive environment in all even theoretically thinkable circumstances.
I would like to get rid of IRCD. If no one volunteers then I will orphan
the package.
So far I know about the following Packages with Chronic Security Problems:
ircd
sendmail
dosemu
--- +++ --- +++ --- +++ --- +++ --- +++ --- +++ --- +++ ---
PGP Public Key = FB 9B 31 21 04 1E 3A 33 C7 62 2F C0 CD 81 CA B5
--
TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word "unsubscribe" to
debian-devel-REQUEST@lists.debian.org . Trouble? e-mail to Bruce@Pixar.com
Reply to: