[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: setuid/setgid binaries contained in the Debian repository.

On Sat, 2 Aug 2003 22:17:16 -0400, Matt Zimmerman <mdz@debian.org> said: 

> On Sat, Aug 02, 2003 at 08:14:15PM -0500, Manoj Srivastava wrote:
>> Heh. You should look at what is in the current version:

> Is that what you would say to the users who have angband installed
> on Woody?  I do not think this is something to laugh about.

	There are any number of old programs where security was not an
 issue -- and yes, angband is one where such a makeover was only
 performed in the last year. 

	I must confess that my security audits did not include
 angband; I was more concerned with my packages in Debian, and I
 should have paid more attention to angband earlier.

	manoj
-- 
It is a wise father that knows his own child. William Shakespeare,
"The Merchant of Venice"
Manoj Srivastava   <srivasta@debian.org>  <http://www.debian.org/%7Esrivasta/>
1024R/C7261095 print CB D9 F4 12 68 07 E4 05  CC 2D 27 12 1D F5 E8 6E
1024D/BF24424C print 4966 F272 D093 B493 410B  924B 21BA DABB BF24 424C
Reply to: