Bug#487932: kdebase-bin: kcheckpass should be setuid root
Package: kdebase-bin
Version: 4:3.5.9.dfsg.1-2+b1
Severity: important
As it breaks both LDAP and NIS+ klock daemons, unless there is a proven
security bug, this binary shall stay setuid.
And please do not mention dpkg-statoveride that is
1) Unknown by most users
2) requires root priviledge, while LDAP and NIS are most used in a corporate environment
-- System Information:
Debian Release: lenny/sid
APT prefers unstable
APT policy: (500, 'unstable'), (500, 'testing'), (1, 'experimental')
Architecture: i386 (i686)
Kernel: Linux 2.6.26-rc7-git1 (PREEMPT)
Locale: LANG=en_IE@euro, LC_CTYPE=en_IE@euro (charmap=ISO-8859-15) (ignored: LC_ALL set to en_IE@euro)
Shell: /bin/sh linked to /bin/bash
Versions of packages kdebase-bin depends on:
ii kdebase-runtime-bin 4:4.0.82+svn819867-1 core binaries for the KDE 4 base r
ii kdelibs4c2a 4:3.5.9.dfsg.1-4 core libraries and binaries for al
ii libc6 2.7-12 GNU C Library: Shared libraries
ii libgcc1 1:4.3.1-2 GCC support library
ii libpam-runtime 0.99.7.1-6 Runtime support for the PAM librar
ii libpam0g 0.99.7.1-6 Pluggable Authentication Modules l
ii libqt3-mt 3:3.3.8b-5 Qt GUI Library (Threaded runtime v
ii libstdc++6 4.3.1-2 The GNU Standard C++ Library v3
ii libx11-6 2:1.1.4-2 X11 client-side library
ii libxcursor1 1:1.1.9-1 X cursor management library
ii libxkbfile1 1:1.0.5-1 X11 keyboard file manipulation lib
ii libxtst6 2:1.0.3-1 X11 Testing -- Resource extension
kdebase-bin recommends no packages.
-- no debconf information
Reply to: