Re: Bug#24473: user <!--#exec cmd="script"--> runs as root
Can't you forward this bug report upstream?
--
Raul
Martin Schulze <joey@tapiola.Infodrom.North.DE> wrote:
> Raul Miller wrote:
> > Package: roxen
> > Version: 1.2beta1-1
> > Severity: important
>
> Please fix it yourself and give me the patch or do an NMU.
>
> I'm sure that I don't have the time to track this down NOW.
>
> I'm sorry. Not this time.
>
> > Even though the "Run user scripts as the owner of the script" option
> > is set to "yes" in the user file system module, scripts run from
> > a user's file system are run as root.
> >
> > This is a major security hole (not to mention an administrative
> > headache, as files and processes created by such scripts can not
> > be manipulated by the user).
> >
> > This problem also exists in 1.2beta2-1, but I'm filing this report
> > against the version in hamm because of the security implications.
> >
> > --
> > Raul
> >
> >
> > --
> > To UNSUBSCRIBE, email to debian-bugs-dist-request@lists.debian.org
> > with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
>
> --
> Linux - the choice of a GNU generation
--
To UNSUBSCRIBE, email to debian-devel-request@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Reply to: