[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Bug#27050 (fdutils): A cause for security concern?

Previously Anthony Fok wrote:
> As the Slink deep freeze and release are impending, I would like to ask your
> advice: Should I follow the suggestion given by the bug reporter Thomas
> Roessler?

I think so. For people who want to mount floppies without being root
you can also use a line in /etc/fstab like this:

/dev/fd0     /floppy    auto      noauto,noexec,nodev,user       0  0

fdmount should probably be audited so we really know if it's secure. You
could submit it to the security-auditing list

> If so, should I fix this bug before Slink is out?

Yes. I would hate to discover a vulnerability and release an advisory
days after we release slink..


This combination of bytes forms a message written to you by Wichert Akkerman.
E-Mail: wakkerma@cs.leidenuniv.nl
WWW: http://www.wi.leidenuniv.nl/~wichert/

Attachment: pgpI4miFhuzj7.pgp
Description: PGP signature

Reply to: