[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#298060: (forw) Bug#298060: Please don't install login as setuid root



debian-release@lists.debian.org
Cc:	298060-submitter@bugs.debian.org
Bcc: 
Subject: Re: Bug#298060: (forw) Bug#298060: Please don't install login as setuid root
Reply-To: 
In-Reply-To: <20050307181816.GW5330@finlandia.infodrom.north.de>
X-message-flag: Outlook is a good virus spreading tool. It can send mail, too.
X-pot_a_miel: honeypot@kheops.frmug.org

Quoting Martin Schulze (joey@infodrom.org):

> When no code needs to be changed but only the suid bit dropped
> and login still works as expected, I don't see a reason not to
> drop the setuid bit, even the contrary, I wonder why it is setuid
> root in the first place.


Well, should I take this as the official Security Team advice ?

If so, the conclusion would be : the Security Team is OK for the
change while the Release Team is not really pushing it...which would
then draw the conclusion for me : delay the change as the priority now
is to release.

I could for sure upload something changed to experimental. But, well,
I simply don't feel I have the resources for handling two branches for
shadow at this moment.







Reply to: