Re: List of bugs that must be fixed before releasing Slink

To: debian-devel@lists.debian.org
Subject: Re: List of bugs that *must* be fixed before releasing Slink
From: kaih@khms.westfalen.de (Kai Henningsen)
Date: 31 Jan 1999 20:48:00 +0200
Message-id: <[🔎] 79wKRPcHw-B@khms.westfalen.de>
In-reply-to: <[🔎] 19990131140716.C2824@cs.leidenuniv.nl>
References: <[🔎] 19990131140716.C2824@cs.leidenuniv.nl>

wakkerma@cs.leidenuniv.nl (Wichert Akkerman)  wrote on 31.01.99 in <[🔎] 19990131140716.C2824@cs.leidenuniv.nl>:

> Previously Michael Stone wrote:
> > > perl-suid         31904  [B.A.McCauley@BHAM.AC.UK: Secuity hole with pe=
> rl (suidperl) and nosuid mounts on Linux] [13]  (Darren Stalder <torin@daft=
.com>> )
> >=20
> > I'm not sure there's much we can do about this one--it's a library (kerne=
> l?)
> > problem. Perhaps a note in the postinst that the 'nosuid' mount option wo=
> n't
> > work, and a suggestion that care be taken with user-mountable media?
>
> What perl-suid should do is check the mountoptions for the filesystem on
> which the script resides and abort if that was mounted with nosuid.
> Should be quite simple actually..

That is more than a little gross.

I'm not convinced that that solution doesn't do more harm than the problem  
it is trying to fix.


MfG Kai

Reply to:

References:
- Re: List of bugs that *must* be fixed before releasing Slink
  - From: Wichert Akkerman <wakkerma@cs.leidenuniv.nl>

Prev by Date: Re: Do not pull a package!
Next by Date: Re: List of bugs that *must* be fixed before releasing Slink
Previous by thread: Re: suid-perl
Next by thread: Re: List of bugs that *must* be fixed before releasing Slink
Index(es):
- Date
- Thread

Re: List of bugs that *must* be fixed before releasing Slink

Re: List of bugs that must be fixed before releasing Slink