
Re: RFS: avifile (QA upload)



Hi Yavor,

On Mon, Nov 23, 2009 at 09:45:58PM +0200, Yavor Doganov wrote:
> At Thu, 19 Nov 2009 11:26:39 -0500,
> Barry deFreese wrote:
> | avifile-utils: setuid-binary usr/bin/kv4lsetup 4755 root/root
> but this override was added by the original maintainer (also
> upstream), which of course doesn't mean it's right.

I had a short look at the program in question. It looks well written in
that it tries hard to validate all user input and avoid race conditions.
On the other hand I did not check all the xlib calls and do not know the
implications of all those ioctls.

Hope that helps

Helmut

PS: If in doubt always ask the security team or at least use the
debian-audit@shellcode.org mailing list for questions.

