Re: mgetty vulnerable?

To: debian-security@lists.debian.org
Cc: gert.doering@physik.tu-muenchen.de
Subject: Re: mgetty vulnerable?
From: Andreas Barth <aba@not.so.argh.org>
Date: Fri, 2 May 2003 11:46:36 +0200
Message-id: <20030502094636.GC11748@mails.so.argh.org>
In-reply-to: <Pine.GSO.4.40.0305011615550.22452-100000@deneb.cc.umanitoba.ca>
References: <Pine.GSO.4.40.0305011615550.22452-100000@deneb.cc.umanitoba.ca>

* Drew Scott Daniels (umdanie8@cc.UManitoba.CA) [030502 01:20]:
> [...]

There is as far as I can see (only) one important security enhancement
in the newer mgettys, and this is running the fax-out-scripts not
as root. There is no proof that the old mgettys are vulnerable, but
it's never a good idea to run anything as root unless absolutly
neccessary.

Wolfgang and I are just working to get this running on debian
testing/unstable (but _this_ update is not trivial, so it's not just
an "apply patch" to get it to the woody version). If anyone has the
important desire to use this right now, he should take the sources
from unstable and recompile (and make the neccassary enhancements).

Everyone else should wait for about an week, then there should be a
working version. As minor and major bug fixes are more or less the
only changes in mgetty, I would recommend the version in unstable as
the security update for everyone who needs it.


Cheers,
Andi
-- 
   http://home.arcor.de/andreas-barth/
   PGP 1024/89FB5CE5  DC F1 85 6D A6 45 9C 0F  3B BE F1 D0 C5 D1 D9 0C
   Fachbegriffe des Schienenverkehrs #1         von Marc Haber in dasr
   Alles wird billiger: 50 % Preiserhöhung für Stammkunden.

Reply to:

References:
- mgetty vulnerable?
  - From: Drew Scott Daniels <umdanie8@cc.UManitoba.CA>

Prev by Date: Re: Woody security updates
Next by Date: MAC-based ssh
Previous by thread: mgetty vulnerable?
Next by thread: Re: mgetty vulnerable
Index(es):
- Date
- Thread