Bug#299007: base-files: Insecure PATH in /root/.profile

To: psz@maths.usyd.edu.au, 299007@bugs.debian.org
Subject: Bug#299007: base-files: Insecure PATH in /root/.profile
From: Bill Allombert <allomber@math.u-bordeaux.fr>
Date: Thu, 24 Mar 2005 21:51:51 +0100
Message-id: <[🔎] 20050324205151.GP30645@seventeen>
Reply-to: Bill Allombert <allomber@math.u-bordeaux.fr>, 299007@bugs.debian.org
In-reply-to: <[🔎] 200503241937.j2OJbEBs025158@pisa.maths.usyd.edu.au>
References: <[🔎] 20050324091901.GO30645@seventeen> <[🔎] 200503241937.j2OJbEBs025158@pisa.maths.usyd.edu.au>

On Fri, Mar 25, 2005 at 06:37:14AM +1100, psz@maths.usyd.edu.au wrote:
> > In no way installing the debian-policy package introduce a security
> > hole, causes serious data loss or makes unrelated software on the
> > system break.
> 
> Not the installation of the policy package, but the following of the
> policy, prevents base-files from being secure. Is not the policy at
> fault if it mandates insecure settings or actions? 

I won't argue one way or another, but instead I will note that the only
practical effect (outside statistics) of bug severity is that in
principle packages with bugs of severity 'serious' 'grave' or 'critical'
are not shipped in the next stable release, sarge in the case at hand.

Removing the debian-policy package from sarge is unlikely to make
base-files (or Debian as a whole) any more secure.

Cheers,
-- 
Bill. <ballombe@debian.org>

Imagine a large red swirl here.

Reply to:

References:
- Bug#299007: base-files: Insecure PATH in /root/.profile
  - From: Bill Allombert <allomber@math.u-bordeaux.fr>
- Bug#299007: base-files: Insecure PATH in /root/.profile
  - From: psz@maths.usyd.edu.au

Prev by Date: Bug#299007: base-files: Insecure PATH in /root/.profile
Next by Date: Re: you may frighten
Previous by thread: Bug#299007: base-files: Insecure PATH in /root/.profile
Next by thread: Re: Bug#299007: base-files: Insecure PATH in /root/.profile
Index(es):
- Date
- Thread