[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#487932: kdebase-bin: kcheckpass should be setuid root

Package: kdebase-bin
Version: 4:3.5.9.dfsg.1-2+b1
Severity: important


As it breaks both LDAP and NIS+ klock daemons, unless there is a proven
security bug, this binary shall stay setuid.

And please do not mention dpkg-statoveride that is
    1) Unknown by most users
    2) requires root priviledge, while LDAP and NIS are most used in a corporate environment



-- System Information:
Debian Release: lenny/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (500, 'testing'), (1, 'experimental')
Architecture: i386 (i686)

Kernel: Linux 2.6.26-rc7-git1 (PREEMPT)
Locale: LANG=en_IE@euro, LC_CTYPE=en_IE@euro (charmap=ISO-8859-15) (ignored: LC_ALL set to en_IE@euro)
Shell: /bin/sh linked to /bin/bash

Versions of packages kdebase-bin depends on:
ii  kdebase-runtime-bin 4:4.0.82+svn819867-1 core binaries for the KDE 4 base r
ii  kdelibs4c2a         4:3.5.9.dfsg.1-4     core libraries and binaries for al
ii  libc6               2.7-12               GNU C Library: Shared libraries
ii  libgcc1             1:4.3.1-2            GCC support library
ii  libpam-runtime      0.99.7.1-6           Runtime support for the PAM librar
ii  libpam0g            0.99.7.1-6           Pluggable Authentication Modules l
ii  libqt3-mt           3:3.3.8b-5           Qt GUI Library (Threaded runtime v
ii  libstdc++6          4.3.1-2              The GNU Standard C++ Library v3
ii  libx11-6            2:1.1.4-2            X11 client-side library
ii  libxcursor1         1:1.1.9-1            X cursor management library
ii  libxkbfile1         1:1.0.5-1            X11 keyboard file manipulation lib
ii  libxtst6            2:1.0.3-1            X11 Testing -- Resource extension 

kdebase-bin recommends no packages.

-- no debconf information
Reply to: