Bug#299007: base-files: Insecure PATH

[Bill Allombert <allomber@math.u-bordeaux.fr>]

On Sat, Mar 19, 2005 at 06:56:37PM +1100, Brendan O'Dea wrote:
> I believe that the facility of having a group which may write to
> /usr/local is very useful and should be retained.  Furthermore, I would
> assert that the current situation poses no security risks without the
> administrator choosing to add users to the staff group.

I would like to add there is at least an other group in Debian that is
equivalent to root access, namely disk, and there are others that
present a security risk (e.g. shadow). Why special casing staff ?

> Having /home writable by group staff OTOH doesn't seem particularly
> useful.

This is useful when you want to store data in the /home partition that
do not need to belong to any user.

You can do e.g.
mkdir /home/debs; mv *.deb /home/debs

And so far no one has stated how it was a security risk.

Cheers,
-- 
Bill. <ballombe@debian.org>

Imagine a large red swirl here.