AW: Bug#4902: Major security hole in xvmount
I have uploaded the corrected package xvmount_3.6-2
to master. Here, the default settings for the
mount permissions are equivalent to 'user' in
normal mounts, i.e. nodev, noexec, and nosuid.
They can be overwritten by root in the configuration
file /etc/xvmounttab. The use of an alternative
configuration file by the environment variable
XVMOUNTPATH is disabled now, so that all security
holes should be closed.
Best wishes -- Volker
---------------------------------------------------------------------
Volker Ossenkopf KOSMA (Kölner Observatorium für submm-Astronomie)
Tel.: 0221 4703485 1. Physikalisches Institut der
Fax.: 0221 4705162 Universität zu Köln
E-Mail: ossk@zeus.ph1.uni-koeln.de
---------------------------------------------------------------------
Reply to: