Bug#299007: base-files: Insecure PATH
> Could the settings
>>> Severity: critical
>>> Justification: root security hole
>>> please be re-instated on this bug? In some common scenarios, current
>>> arrangements allow root access.
>>
>> Could this be done, please, while we discuss (argue?) resolution?
>
> No, I think that would be far overstating the facts.
Are you sure there are no security issues, and absolutely sure there are no
root security holes, lurking in there?
I am tempted to publicize the issue on the BugTraq and FullDisclosure
mailing lists. Maybe I am wrong, and will suffer the humiliation of being
laughed at; or maybe I am right ...
(I know Matt thinks bugs.debian is public already, but it is quite obscure;
so the general public, Debian users, and other Linux/UNIX maintainers may
still be in the dark.)
Cheers,
Paul Szabo psz@maths.usyd.edu.au http://www.maths.usyd.edu.au/u/psz/
School of Mathematics and Statistics University of Sydney Australia
Reply to: