kscd/cddb world-writeable files

To: debian-devel@lists.debian.org
Subject: kscd/cddb world-writeable files
From: Andrea Borgia <borgia@students.cs.unibo.it>
Date: Mon, 18 Nov 2002 11:54:34 +0100 (CET)
Message-id: <[🔎] Pine.LNX.4.10.10211181142590.3345-100000@cantina.students.cs.unibo.it>

Hello.

I noticed that kscd creates files with mode 666 under
/var/lib/cddb/<category>. Ownership is <username.audio> and this is ok.

I was going to file a bug for it but then I thought I'd better ask a few
questions here first:

1) is that intentional? Why?
2) who's responsible for writing those files? kscd (as I suppose) or cddb
(owner of the directory /var/lib/cddb)
3) what severity would you assign to such a report and why? I was going to
use 'serious' but couldn't find (in section 11.9 of the policy) a
must/required directive related to that.

FYI, the following bugreports are related:
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=115206
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=133590
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=139581
(these last two long-standing bugs could be collapsed together(*)

TIA everyone for help,
Andrea.

(*)practical question: can anyone do it? How do I report the exitence of similar/identical
bug reports?

--
Mä muistan sen kirkkaan päivän, sen kesän ja sen valon häivän
Heinä haisi, puut tuoksui, linnut lauloi vaan
Ja Lada ajaa kylän raitilla, Lada ajaa ja stereot soittaa

Reply to:

Follow-Ups:
- Re: kscd/cddb world-writeable files
  - From: Colin Watson <cjwatson@debian.org>

Prev by Date: Re: MIME screwup on www.debian.org?
Next by Date: Re: orphaning my packages
Previous by thread: Re: MIME screwup on www.debian.org?
Next by thread: Re: kscd/cddb world-writeable files
Index(es):
- Date
- Thread