Package: ilisp Version: 5.12.0+cvs.2004.12.26-17 Severity: grave Tags: security Justification: user security hole User: debian...@lists.debian.org Usertags: piuparts
Hi, ilisp creates the following directory drwxrwxrwx 2 root root 300 Jul 22 22:03 /usr/lib/ilisp with this postinst snippet: chmod 777 /usr/lib/ilisp # Required so that users can build .fasl files That directory contains symlinks to various *.lisp files which may now be replaced by any local user... I don't use ilisp, I don't speak lisp, I just wrote the piuparts check for world writable directories :-) Andreas -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
