Re: Uploaded devscripts 2.0.0 (source all) to master

To: joey@kitenet.net (Joey Hess)
Cc: jdg@debian.org, debian-devel@lists.debian.org
Subject: Re: Uploaded devscripts 2.0.0 (source all) to master
From: jdg@maths.qmw.ac.uk (Julian Gilbey)
Date: Thu, 7 Jan 1999 21:34:24 +0000 (GMT)
Message-id: <[🔎] m0zyN4S-000InqC@polya>
In-reply-to: <[🔎] 19990107110541.E31787@kitenet.net> from Joey Hess at "Jan 7, 1999 11: 5:41 am"

> Julian Gilbey wrote:
> >    * Now debchange works on a version of the changelog in /tmp and only
> >      overwrites the current changelog if everything is OK; this is much
> >      safer than the original version.  Also, all system calls have their
> >      return status checked
> 
> Did you do this safely? Ie, did you protect against file in /tmp exploits?

debchange runs with no special privileges, so I haven't taken
precautions against /tmp exploits.  What I will do, though, is to
disable debchange from running as root or setuid root for the next
release.

   Julian

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-

            Julian Gilbey             Email: J.D.Gilbey@qmw.ac.uk
       Dept of Mathematical Sciences, Queen Mary & Westfield College,
                  Mile End Road, London E1 4NS, ENGLAND
      -*- Finger jdg@goedel.maths.qmw.ac.uk for my PGP public key. -*-

Reply to:

Follow-Ups:
- Re: Uploaded devscripts 2.0.0 (source all) to master
  - From: Joey Hess <joey@kitenet.net>
- Re: Uploaded devscripts 2.0.0 (source all) to master
  - From: James Troup <james@nocrew.org>

References:
- Re: Uploaded devscripts 2.0.0 (source all) to master
  - From: Joey Hess <joey@kitenet.net>

Prev by Date: Re: ARM port, auto-recompilation, and binary-only revision bumps
Next by Date: Re: Uploaded devscripts 2.0.0 (source all) to master
Previous by thread: Re: Uploaded devscripts 2.0.0 (source all) to master
Next by thread: Re: Uploaded devscripts 2.0.0 (source all) to master
Index(es):
- Date
- Thread