Bug#299007: base-files: Insecure PATH

To: mdz@debian.org, srivasta@debian.org
Cc: 299007@bugs.debian.org
Subject: Bug#299007: base-files: Insecure PATH
From: psz@maths.usyd.edu.au
Date: Tue, 22 Mar 2005 14:37:14 +1100
Message-id: <[🔎] 200503220337.j2M3bEWw022704@pisa.maths.usyd.edu.au>
Reply-to: psz@maths.usyd.edu.au, 299007@bugs.debian.org
In-reply-to: <[🔎] 871xa8fwqm.fsf@glaurung.internal.golden-gryphon.com>

> Could the settings
>>>   Severity: critical
>>>   Justification: root security hole
>>> please be re-instated on this bug? In some common scenarios, current
>>> arrangements allow root access.
>> 
>> Could this be done, please, while we discuss (argue?) resolution?
> 
> No, I think that would be far overstating the facts.

Are you sure there are no security issues, and absolutely sure there are no
root security holes, lurking in there?

I am tempted to publicize the issue on the BugTraq and FullDisclosure
mailing lists. Maybe I am wrong, and will suffer the humiliation of being
laughed at; or maybe I am right ...

(I know Matt thinks bugs.debian is public already, but it is quite obscure;
so the general public, Debian users, and other Linux/UNIX maintainers may
still be in the dark.)

Cheers,

Paul Szabo   psz@maths.usyd.edu.au   http://www.maths.usyd.edu.au/u/psz/
School of Mathematics and Statistics   University of Sydney    Australia

Reply to:

Follow-Ups:
- Bug#299007: base-files: Insecure PATH
  - From: Matt Zimmerman <mdz@debian.org>

References:
- Bug#299007: base-files: Insecure PATH
  - From: Manoj Srivastava <srivasta@debian.org (va, manoj)>

Prev by Date: Bug#299007: base-files: Insecure PATH
Next by Date: Bug#299007: base-files: Insecure PATH
Previous by thread: Bug#299007: base-files: Insecure PATH
Next by thread: Bug#299007: base-files: Insecure PATH
Index(es):
- Date
- Thread