Re: Release-critical Bugreport for November 26, 1999
On 99-11-28 Herbert Xu wrote:
> Christian Kurz <shorty@debian.org> wrote:
> >
> >> Package: kernel-image-2.2.13 (main)
> >> Maintainer: Herbert Xu <herbert@debian.org>
> >> 49723 kernel: devpts module not installed by default
> >> [FIXED] Fixed package kernel-image-2.2.13-i386 is in Incoming
> > Herbert, has the new bug-fixing upload yet been done?
> Well, as the tag says, it's in Incoming.
Sorry, I must have overseen this tag while going through this list.
> >> Package: libc6 (main)
> >> Maintainer: Joel Klecker <debian-glibc@lists.debian.org>
> >> 21810 libc6: rexec call dumps core with user="string" and password=NULL
> > Need some more examination to find a solution, that doesn't open a
> > security hole.
> AFAIK, there aren't any security implications here if the strategy is to
> copy the libc5 behaviour (my preference).
This would be a possible solution, but is a good solution? I just looked
through the emails in the BTS about this issue and think that Joey
(M.Schulze) made a good suggestion how rexec should behave. What about
this suggestion? Could this be adopted and implemented?
Ciao
Christian
--
********************************************************************
* Christian Kurz Debian Developer/QA-Team *
* Use Debian - a free Operating System *
********************************************************************
Reply to: