04.02.2014 03:09, eclectic 923 wrote: > I'd like to politely agree, and disagree with the handling of this bug. > > YES, you're absolutely right the bridge helper is a security hole. > > NO, you're absolutely wrong to remove the bridge helper from the package. A > proper solution would have been to include it, and make it not a threat by > removing the SUID setting. That way, if someone was willing to change it back > to SUID, or root ran the virtual machine, everything would work. The > alternative you've left is having to build and install the package by hand... > a pretty unacceptable position when there is a very reasonable alternative. > > I'd like to request this be moved from wishlist to a more appropriate level > and FIXED.
Thanks, that's useful rambling. Now, I'd like you to fix the security hole which is introduced by this helper, and we'll gladly fix the bug. Note that if you didn't whine but actually tried to think, you'd found several more alternatives. One of them is to pre-configure tap devices (during system startup for example), another is to use a management layer like libvirt. Thank you. /mjt -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
