Raul Miller wrote: > Package: roxen > Version: 1.2beta1-1 > Severity: important Please fix it yourself and give me the patch or do an NMU. I'm sure that I don't have the time to track this down NOW. I'm sorry. Not this time. > Even though the "Run user scripts as the owner of the script" option > is set to "yes" in the user file system module, scripts run from > a user's file system are run as root. > > This is a major security hole (not to mention an administrative > headache, as files and processes created by such scripts can not > be manipulated by the user). > > This problem also exists in 1.2beta2-1, but I'm filing this report > against the version in hamm because of the security implications. > > -- > Raul > > > -- > To UNSUBSCRIBE, email to debian-bugs-dist-request@lists.debian.org > with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org -- Linux - the choice of a GNU generation
Attachment:
pgp3s3e23ynVI.pgp
Description: PGP signature