IRCd security issues

To: debian-devel@lists.debian.org
Subject: IRCd security issues
From: Christoph Lameter <clameter@waterf.org>
Date: Thu, 21 Nov 1996 12:38:03 -0800 (PST)
Message-id: <Pine.LNX.3.95.961121122429.32517A-100000@waterf.org>

I just released the IRCD with the fixed UID/GID.

IRCD is one other piece of software that I suspect is suffering from the
Chronic Security Hole Disorder. Its running under its own UID/GID for
security reasons but seems still to be able to compromise security by
eventually allowing Read access to system files.

I dont allow IRCD in our secure environment but only run it in the Danger
Zone on our Shell Server.

Could we perhaps have a section for those Packages? As far as I
understood the discussion any package must be securely work in the most
sensitive environment in all even theoretically thinkable circumstances.

I would like to get rid of IRCD. If no one volunteers then I will orphan
the package.

So far I know about the following Packages with Chronic Security Problems:

ircd
sendmail
dosemu

--- +++ --- +++ --- +++ --- +++ --- +++ --- +++ --- +++ ---
PGP Public Key  =  FB 9B 31 21 04 1E 3A 33  C7 62 2F C0 CD 81 CA B5 

--
TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word "unsubscribe" to
debian-devel-REQUEST@lists.debian.org . Trouble? e-mail to Bruce@Pixar.com

Reply to:

Follow-Ups:
- Re: IRCd security issues
  - From: lists@lina.inka.de (Bernd Eckenfels)

Prev by Date: standard for web servers
Next by Date: Re: Suid Manager Proposal
Previous by thread: standard for web servers
Next by thread: Re: IRCd security issues
Index(es):
- Date
- Thread