Re: [thierry.laronde: cgi-scripts introduces potential security holes]

To: Thierry Laronde <thierry.laronde@polynum.com>
Cc: Debian Quality <debian-qa@lists.debian.org>
Subject: Re: [thierry.laronde: cgi-scripts introduces potential security holes]
From: Raphael Hertzog <rhertzog@hrnet.fr>
Date: Sat, 15 Jan 2000 21:14:50 +0100
Message-id: <[🔎] 20000115211450.A29963@hrnet.fr>
In-reply-to: <[🔎] 20000115162535.A1350@polynum.com>; from thierry.laronde@polynum.com on Sat, Jan 15, 2000 at 04:25:35PM +0100
References: <[🔎] 20000115162535.A1350@polynum.com>

Le Sat, Jan 15, 2000 at 04:25:35PM +0100, Thierry Laronde écrivait:
> Package: cgi-scripts
> Severity: critical 
> 
> This orphaned package is, at the moment, inconsistent, lacking documentation,
> giving scripts that are now almost useless, and placing in /cgi-bin/ Bourne 
> Shell scripts invoking directly commands like 'finger', which introduces 
> security holes.

Did you find security holes ? If not how can you be sure that there are
some ? If I remember well, some have already been discovered and most
of the shell escape problems have been fixed. I think this bug shouldn't
be marked as grave until a real problem is given.

Anyway I wouldn't mind if we remove this package from Debian. What do
people think ?

Cheers,
-- 
Raphaël Hertzog -=- http://tux.u-strasbg.fr/~raphael/
<pub> CDs Debian : http://tux.u-strasbg.fr/~raphael/debian/#cd </pub>

Reply to:

Follow-Ups:
- Re: [thierry.laronde: cgi-scripts introduces potential security holes]
  - From: Thierry Laronde <thierry.laronde@polynum.com>

References:
- [thierry.laronde: cgi-scripts introduces potential security holes]
  - From: Thierry Laronde <thierry.laronde@polynum.com>

Prev by Date: Bug#55260: metamail: can't build from source
Next by Date: Re: [thierry.laronde: cgi-scripts introduces potential security holes]
Previous by thread: [thierry.laronde: cgi-scripts introduces potential security holes]
Next by thread: Re: [thierry.laronde: cgi-scripts introduces potential security holes]
Index(es):
- Date
- Thread