Bug#796635: nvi init script still needed?
Depending on how it's modified to fix that bug, I think it could
introduce a security issue as it:
* doesn't seem like an upstream script designed to run as root
* seems racy (especially after checking if something is a symlink)
* handles user content as root
AFAICT being at runlevel S at least stops racy issues. I wasn't
actually able to exploit anything myself, but if say there is an
exploit in awk, this could allow the attacker to get root at the next
reboot.
Reply to: