[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: RFS: avifile (QA upload)

Hi Yavor,

On Mon, Nov 23, 2009 at 09:45:58PM +0200, Yavor Doganov wrote:
> At Thu, 19 Nov 2009 11:26:39 -0500,
> Barry deFreese wrote:
> | avifile-utils: setuid-binary usr/bin/kv4lsetup 4755 root/root
> but this override was added by the original maintainer (also
> upstream), which of course doesn't mean it's right.

I had a short look at the program in question. It looks well written in
that it tries hard to validate all user input and avoid race conditions.
On the other hand I did not check all the xlib calls and do not know the
implications of all those ioctls.

Hope that helps


PS: If in doubt always ask the security team or at least use the
debian-audit@shellcode.org mailing list for questions.

Reply to: