
Re: [thierry.laronde: cgi-scripts introduces potential security holes]

On Sat, Jan 15, 2000 at 04:25:35PM +0100, Thierry Laronde wrote:
> Package: cgi-scripts
> Severity: critical 
> This orphaned package is, at the moment, inconsistent, lacking documentation,
> giving scripts that are now almost useless, and placing in /cgi-bin/ Bourne 
> Shell scripts invoking directly commands like 'finger', which introduces 
> security holes.

Did you find security holes? If not, how can you be sure that there are
some? If I remember correctly, some have already been discovered and most
of the shell escape problems have been fixed. I think this bug shouldn't
be marked as grave until a real problem is given.

Anyway, I wouldn't mind if we removed this package from Debian. What do
people think?

Raphaël Hertzog -=- http://tux.u-strasbg.fr/~raphael/
<pub> Debian CDs: http://tux.u-strasbg.fr/~raphael/debian/#cd </pub>
