Re: Intent to package: ruplist
Remco van de Meent wrote:
> It is not released under GPL - these few lines cover the copyright issues:
>
>
> RUPLIST - written by Roalt Zijlstra - Copyright 1996
>
> See for version number the Makefile.
>
> THIS SOFTWARE IS -AS IS-. USE OF THIS SOFTWARE IS AT YOUR OWN RISK THE
> AUTHOR IS NOT RESPONSIBLE FOR ANY HARM DONE TO YOUR COMPUTER BY USING
> THIS SOFTWARE.
>
> Ruplist may be distributed freely. Send any improvements or bug fixes to
> Roalt Zijlstra <roalt@cal006033.student.utwente.nl>
This says nothing about distribution of derived works (such as Debian
packages).
> Any opinions? One more
> thing - it makes use of a mode 777 directory /var/spool/ruplist; this is to
> allow any user to 'update' the all-time-high statistics. I don't see any
> clear exploits - symlinking files to /etc/passwd and stuff is detected
> (symlinks get unlink()'ed before used). If someone likes to audit it before
> I upload it (if no one objects), I'd like to hear the results of course.
Yes, it should be audited, because from the description you give it's not
safe. A symlink could be created between the detection and the use.
Richard Braakman
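
The race pointed out in the reply above, as an added example that is not part of the original thread and not ruplist's own code: open_stats_racy() sketches the check-then-use pattern as the thread describes it, and open_stats_safe() closes the window by letting the kernel refuse the symlink at open time and by checking the opened descriptor rather than the name. All function names and the temp-dir paths are assumptions made for this illustration; the ELOOP result is Linux behaviour.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Pattern from the thread: detect and unlink a symlink, then open by name.
 * Nothing ties the two steps together, so the name can change in between. */
int open_stats_racy(const char *path)
{
    struct stat st;
    if (lstat(path, &st) == 0 && S_ISLNK(st.st_mode))
        unlink(path);                          /* detection */
    return open(path, O_RDWR | O_CREAT, 0644); /* use: follows symlinks */
}

/* Hardened: O_NOFOLLOW (existing file) or O_EXCL (new file) makes the kernel
 * reject a symlink atomically; fstat() then checks the object actually held. */
int open_stats_safe(const char *path)
{
    struct stat st;
    int fd = open(path, O_RDWR | O_NOFOLLOW);
    if (fd < 0 && errno == ENOENT)
        fd = open(path, O_RDWR | O_CREAT | O_EXCL, 0644);
    if (fd < 0) return -1;
    if (fstat(fd, &st) != 0 || !S_ISREG(st.st_mode) || st.st_nlink != 1) {
        close(fd);                             /* FIFO, device or hard link */
        return -1;
    }
    return fd;
}

/* Constructed check in a private temp dir: returns 1 if open_stats_safe()
 * succeeded, 0 if it refused with ELOOP, -1 on any other outcome. */
int demo(int plant_symlink)
{
    char dir[] = "/tmp/ruplist-demo-XXXXXX", stats[64], victim[64];
    if (!mkdtemp(dir)) return -1;
    snprintf(victim, sizeof victim, "%s/victim", dir);
    snprintf(stats, sizeof stats, "%s/stats", dir);
    close(open(victim, O_WRONLY | O_CREAT, 0600));
    if (plant_symlink && symlink(victim, stats) != 0) return -1;
    int fd = open_stats_safe(stats);
    int result = fd >= 0 ? 1 : (errno == ELOOP ? 0 : -1);
    if (fd >= 0) close(fd);
    unlink(stats); unlink(victim); rmdir(dir);
    return result;
}
```

The st_nlink test also rejects a hard link planted under the same name, which a symlink-only check does not cover.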