Re: RFS: avifile (QA upload)
On Mon, Nov 23, 2009 at 09:45:58PM +0200, Yavor Doganov wrote:
> At Thu, 19 Nov 2009 11:26:39 -0500,
> Barry deFreese wrote:
> | avifile-utils: setuid-binary usr/bin/kv4lsetup 4755 root/root
> but this override was added by the original maintainer (also
> upstream), which of course doesn't mean it's right.
I had a short look at the program in question. It looks well written in
that it tries hard to validate all user input and avoid race conditions.
On the other hand, I did not check all the Xlib calls and do not know the
implications of all those ioctls.
Hope that helps
PS: If in doubt, always ask the security team or at least use the
firstname.lastname@example.org mailing list for questions.