Bug#299007: base-files: Insecure PATH in /root/.profile

To: 299007@bugs.debian.org, allomber@math.u-bordeaux.fr
Subject: Bug#299007: base-files: Insecure PATH in /root/.profile
From: psz@maths.usyd.edu.au
Date: Fri, 25 Mar 2005 06:37:14 +1100
Message-id: <[🔎] 200503241937.j2OJbEBs025158@pisa.maths.usyd.edu.au>
Reply-to: psz@maths.usyd.edu.au, 299007@bugs.debian.org
In-reply-to: <[🔎] 20050324091901.GO30645@seventeen>

Bill,

Thank you for the explanations.

> One of the rules is that policy proposal are wishlist by definition.

Quite sensible: protect the policy-makers from blame and "litigation".
I guess that the couple of "normal" bugs listed under
  http://bugs.debian.org/cgi-bin/pkgreport.cgi?pkg=debian-policy
never followed instructions and never set severity.

> In no way installing the debian-policy package introduce a security
> hole, causes serious data loss or makes unrelated software on the
> system break.

Not the installation of the policy package, but the following of the
policy, prevents base-files from being secure. Is not the policy at
fault if it mandates insecure settings or actions? 

Cheers,

Paul Szabo   psz@maths.usyd.edu.au   http://www.maths.usyd.edu.au/u/psz/
School of Mathematics and Statistics   University of Sydney    Australia

Reply to:

Follow-Ups:
- Bug#299007: base-files: Insecure PATH in /root/.profile
  - From: Bill Allombert <allomber@math.u-bordeaux.fr>

References:
- Bug#299007: base-files: Insecure PATH in /root/.profile
  - From: Bill Allombert <allomber@math.u-bordeaux.fr>

Prev by Date: Re: Bug#299007: base-files: Insecure PATH in /root/.profile
Next by Date: Bug#299007: base-files: Insecure PATH in /root/.profile
Previous by thread: Bug#299007: base-files: Insecure PATH in /root/.profile
Next by thread: Bug#299007: base-files: Insecure PATH in /root/.profile
Index(es):
- Date
- Thread