Re: Intent to package: ruplist
Remco van de Meent wrote:
> It is not released under GPL - these few lines cover the copyright issues:
> RUPLIST - written by Roalt Zijlstra - Copyright 1996
> See for version number the Makefile.
> THIS SOFTWARE IS -AS IS-. USE OF THIS SOFTWARE IS AT YOUR OWN RISK THE
> AUTHOR IS NOT RESPONSIBLE FOR ANY HARM DONE TO YOUR COMPUTER BY USING
> THIS SOFTWARE.
> Ruplist may be distributed freely. Send any improvements or bug fixes to
> Roalt Zijlstra <firstname.lastname@example.org>
This says nothing about distribution of derived works (such as Debian
> Any opinions? One more
> thing - it makes use of a mode 777 directory /var/spool/ruplist; this is to
> allow any user to 'update' the all-time-high statistics. I don't see any
> clear exploits - symlinking files to /etc/passwd and stuff is detected
> (symlinks get unlink()'ed before used). If someone likes to audit it before
> I upload it (if no one objects), I'd like to hear the results of course.
Yes, it should be audited, because from the description you give it's not
safe. A symlink could be created between the detection and the use.
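
The race described in the reply above, as an added example that is not part of the original message and not ruplist's own source: the check-then-use pattern beside an open that rejects symlinks in the same system call. The function names, the temporary directory and the self-check are assumptions made for illustration, and the `ELOOP` result assumes Linux.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Check-then-use as described in the thread (hypothetical reconstruction):
 * the name can be re-linked between the lstat()/unlink() and the open(). */
int open_stats_racy(const char *path) {
    struct stat st;
    if (lstat(path, &st) == 0 && S_ISLNK(st.st_mode))
        unlink(path);                           /* detection */
    return open(path, O_RDWR | O_CREAT, 0644);  /* use: follows symlinks */
}

/* Hardened: O_NOFOLLOW makes the kernel refuse a symlink at open time, and
 * the remaining checks run on the descriptor, not on the name. */
int open_stats_safe(const char *path) {
    struct stat st;
    int fd = open(path, O_RDWR | O_CREAT | O_NOFOLLOW, 0644);
    if (fd < 0) return -1;                      /* ELOOP if path is a symlink */
    if (fstat(fd, &st) != 0 || !S_ISREG(st.st_mode) || st.st_nlink != 1) {
        close(fd);                              /* not a plain file, or hard-linked */
        errno = EPERM;
        return -1;
    }
    return fd;
}

/* Constructed self-check in a private temp dir: returns 1 if a symlink is
 * rejected with ELOOP and a new regular file is accepted. */
int demo(void) {
    char dir[] = "/tmp/ruplist-demo-XXXXXX", lnk[64], file[64];
    if (!mkdtemp(dir)) return 0;
    snprintf(lnk, sizeof lnk, "%s/link", dir);
    snprintf(file, sizeof file, "%s/stats", dir);
    if (symlink("target", lnk) != 0) return 0;  /* dangling link inside dir */
    int bad = open_stats_safe(lnk);
    int bad_errno = errno;
    int good = open_stats_safe(file);
    int ok = (bad == -1 && bad_errno == ELOOP && good >= 0);
    if (good >= 0) close(good);
    unlink(lnk); unlink(file); rmdir(dir);
    return ok;
}

int main(void) { return demo() ? 0 : 1; }
```

In a mode 777 directory without the sticky bit, any user can still rename or delete the file after it is opened, so the descriptor-based checks protect the open itself, not the directory contents.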