Re: Uploaded devscripts 2.0.0 (source all) to master



> jdg@maths.qmw.ac.uk (Julian Gilbey) writes:
> 
> > debchange runs with no special privileges, so I haven't taken
> > precautions against /tmp exploits.
> 
> *bang* *bang* *bang* *bang*
> 
> FFS, what kind of attitude is that?  Oh, I was only running as
> non-root, so the fact someone hosed a file critical to my life is
> no problem whatsoever?

It is the attitude of somebody who has been working so hard that they
didn't spot that glaring security hole ;-).  I have just uploaded
version 2.0.3 to master (and deleted version 2.0.2) which corrects
this problem properly in both debchange and uupdate.  Not that the
problem wasn't there before, mind you.  Should I try hacking the code
in version 1.7.1 (the current one in frozen) because it's a serious
bug?  I take it from this discussion that it is, and that I should do
so.

Hmmm, why can't I just put 2.0.3 in slink?!  ;-)

   Julian

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-

            Julian Gilbey             Email: J.D.Gilbey@qmw.ac.uk
       Dept of Mathematical Sciences, Queen Mary & Westfield College,
                  Mile End Road, London E1 4NS, ENGLAND
      -*- Finger jdg@goedel.maths.qmw.ac.uk for my PGP public key. -*-
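
An added example, not part of the message above and not devscripts code: it shows why running without special privileges does not make a predictable name in a shared temporary directory safe, and how `mktemp` avoids the problem. The sandbox layout, the file name `debchange.tmp` and the function names are assumptions made for the demonstration.

```shell
#!/bin/sh
# Constructed demonstration confined to a private sandbox directory;
# "$sandbox/tmp" stands in for a world-writable /tmp and
# "$sandbox/home/precious" for a file the invoking user cares about.

# Unsafe pattern: a predictable name plus plain redirection.
# If the name already exists as a symlink, the shell follows it and
# truncates whatever the link points to, using the caller's own rights.
write_unsafe() {   # $1 = temp dir, $2 = predictable file name
    echo "scratch data" > "$1/$2"
}

# Safer pattern: mktemp picks an unpredictable name and creates the file
# exclusively (it fails rather than reuse an existing path), mode 0600.
write_safe() {     # $1 = temp dir, $2 = name prefix; prints the path created
    f=$(mktemp "$1/$2.XXXXXX") || return 1
    echo "scratch data" > "$f"
    printf '%s\n' "$f"
}

demo() {
    sandbox=$(mktemp -d) || return 1
    mkdir "$sandbox/tmp" "$sandbox/home"
    echo "important" > "$sandbox/home/precious"

    # State of the shared directory before the tool runs: the predictable
    # name already exists as a link to the user's own file.
    ln -s "$sandbox/home/precious" "$sandbox/tmp/debchange.tmp"

    write_unsafe "$sandbox/tmp" debchange.tmp
    after_unsafe=$(cat "$sandbox/home/precious")   # user's file was overwritten

    echo "important" > "$sandbox/home/precious"    # restore, then retry safely
    write_safe "$sandbox/tmp" debchange.tmp >/dev/null
    after_safe=$(cat "$sandbox/home/precious")     # user's file is untouched

    rm -rf "$sandbox"
    printf '%s|%s\n' "$after_unsafe" "$after_safe"
}

demo   # prints: scratch data|important
```

The unprivileged process can still destroy anything its own user may write, which is the objection raised in the quoted reply.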