Previously Anthony Fok wrote: > As the Slink deep freeze and release are impending, I would like to ask your > advice: Should I follow the suggestion given by the bug reporter Thomas > Roessler? I think so. For people who want to mount floppies without being root you can also use a line in /etc/fstab like this: /dev/fd0 /floppy auto noauto,noexec,nodev,user 0 0 fdmount should probably be audited so we really know if it's secure. You could submit it to the security-auditing list (security-audit@ferret.lmh.ox.ac.uk). > If so, should I fix this bug before Slink is out? Yes. I would hate to discover a vulnerability and release an advisory days after we release slink.. Wichert. -- ============================================================================== This combination of bytes forms a message written to you by Wichert Akkerman. E-Mail: wakkerma@cs.leidenuniv.nl WWW: http://www.wi.leidenuniv.nl/~wichert/
Attachment:
pgpQV5v_bNGRc.pgp
Description: PGP signature