Bug#717536: phoronix-test-suite: installs software from outside debian

To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: Bug#717536: phoronix-test-suite: installs software from outside debian
From: Christoph Anton Mitterer <calestyo@scientia.net>
Date: Mon, 22 Jul 2013 04:38:40 +0200
Message-id: <[🔎] 20130722023840.18933.49317.reportbug@heisenberg.scientia.net>
Reply-to: Christoph Anton Mitterer <calestyo@scientia.net>, 717536@bugs.debian.org

Package: phoronix-test-suite
Version: 4.6.0-1
Severity: critical
Tags: security
Justification: root security hole


Hi.

The only way to operate PTS seems to be by installing the respective tests
from OpenBenchmarking.org, right?

Given that this introduces completely unchecked and untrusted software, for
which moreover no security support is covered by Debian,... this package
should IMHO give big warnings about that fact, at least:
- in the package description
and-
- in a debconf dialogue.


Marking as root security hole, even though the software runs probably as
normal user, but such remote software could expoloit any further local security
hole.


Cheers,
Chris.

Reply to:

Prev by Date: Bug#717535: phoronix-test-suite: new upstream version
Next by Date: Processed: Re: Bug#717536: phoronix-test-suite: installs software from outside debian
Previous by thread: Bug#717535: phoronix-test-suite: new upstream version
Next by thread: Processed: Re: Bug#717536: phoronix-test-suite: installs software from outside debian
Index(es):
- Date
- Thread