Re: Uploaded devscripts 2.0.0 (source all) to master
jdg@maths.qmw.ac.uk (Julian Gilbey) writes:
> debchange runs with no special privileges, so I haven't taken
> precautions against /tmp exploits.
*bang *bang *bang* *bang*
FFS, What kind of attitude is that? Oh, I was only running as
non-root, so the fact someone hosed a critically file to my life, is
no problem whatsoever?
> What I will do, though, is to disable debchange from running as root
> or setuid root for the next release.
If that's what you meant by `fix' it in 2.0.2, it's still broken.
--
James
Reply to: