Bug#692929: ncpfs - ncpmount is suid root
Package: ncpfs
Severity: serious
ncpmount is suid root. A quick check through last patches for security
problems and the code itself don't make me believe this is save.
The code uses weird checks including calls to clone(2). As ncp is
mostly dead this is unlikely to change.
I think it is best to remove the suid flag for now and if noone wants to
do anything about it drop the package.
Bastian
-- System Information:
Debian Release: wheezy/sid
APT prefers testing
APT policy: (990, 'testing'), (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386
Kernel: Linux 3.6-trunk-amd64 (SMP w/4 CPU cores)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Reply to: