[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Intent to package: uedit



On Sat, May 02, 1998 at 09:12:41AM -0400, Raul Miller wrote:
> > Yeah, that's right, an editor that opens /dev/mem.
> 
> If you do an objdump (-Slx) on the binary, you'll see that it's trying
> to treat the screen as a region of memory.

This program is starting to scare me.  It disables console switching, puts
your keyboard in raw mode, is suid root (an EDITOR is suid?), manipulates
/dev/mem itself (can we say "corruption"?) and has no source!

I don't know that there is any method for doing this, but if the person who
intends to package this thing was serious, I protest this thing getting in
to the Debian ftp mirror, non-free or not.  I think this program is
dangerous and is a blatant security and stability compromise.

Debian has a policy to try and fix these kinds of problems within 48 hours
if possible.  This one should be fixed now, before the thing gets uploaded
to master.

Attachment: pgpXywI4H5OCN.pgp
Description: PGP signature


Reply to: