Re: Uploaded devscripts 2.0.0 (source all) to master

To: debian-devel@lists.debian.org
Subject: Re: Uploaded devscripts 2.0.0 (source all) to master
From: James Troup <james@nocrew.org>
Date: 07 Jan 1999 22:26:56 +0000
Message-id: <[🔎] 874sq2iurz.fsf@nocrew.org>
In-reply-to: jdg@maths.qmw.ac.uk's message of "Thu, 7 Jan 1999 21:34:24 +0000 (GMT)"
References: <[🔎] m0zyN4S-000InqC@polya>

jdg@maths.qmw.ac.uk (Julian Gilbey) writes:

> debchange runs with no special privileges, so I haven't taken
> precautions against /tmp exploits.

*bang *bang *bang* *bang*

FFS, What kind of attitude is that?  Oh, I was only running as
non-root, so the fact someone hosed a critically file to my life, is
no problem whatsoever?

> What I will do, though, is to disable debchange from running as root
> or setuid root for the next release.

If that's what you meant by `fix' it in 2.0.2, it's still broken.

-- 
James

Reply to:

Follow-Ups:
- Re: Uploaded devscripts 2.0.0 (source all) to master
  - From: martin@internet-treff.uni-koeln.de (Martin Bialasinski)
- Re: Uploaded devscripts 2.0.0 (source all) to master
  - From: jdg@maths.qmw.ac.uk (Julian Gilbey)

References:
- Re: Uploaded devscripts 2.0.0 (source all) to master
  - From: jdg@maths.qmw.ac.uk (Julian Gilbey)

Prev by Date: Re: Suggestion: Skip Slink!
Next by Date: Re: FWD: RMS and Debian on his Toshiba
Previous by thread: Re: Uploaded devscripts 2.0.0 (source all) to master
Next by thread: Re: Uploaded devscripts 2.0.0 (source all) to master
Index(es):
- Date
- Thread