Package: librad0
Version: 2.12.0-4
Severity: normal

Dear Maintainer,

Thanks for packaging radlib! As a wview user it's nice to see one of its dependencies added to the official repos.

I recently realized that wview creates most files world-writable, which is a pretty big security issue. The cause is the radlib radUtilsBecomeDaemon function unconditionally calling umask(0) after fork() and none of the wview daemons call umask with a sane value after that. This is radlib issue #2 which was opened in 2011 and hasn't received any comment.[1]

I was hoping you might be willing to carry a patch which removes the umask(0) call. Otherwise I (and presumably many other users of radlib) will need to update all calls to radUtilsBecomeDaemon to save/restore the umask.

Thanks for considering,
Kevin

1. https://sourceforge.net/p/radlib/bugs/2/

-- System Information:
Debian Release: buster/sid
  APT prefers testing
  APT policy: (990, 'testing'), (500, 'unstable'), (101, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.12.0-kevinoid1 (SMP w/4 CPU cores)
Locale: LANG=en_US.utf8, LC_CTYPE=en_US.utf8 (charmap=UTF-8), LANGUAGE=en_US.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages librad0 depends on:
ii  libc6         2.24-14
ii  libsqlite3-0  3.19.3-3

librad0 recommends no packages.

Versions of packages librad0 suggests:
pn  librad0-tools  <none>
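
The effect described in this report and the save/restore workaround it mentions, as an added example that is not part of the original report or of radlib. `become_daemon_stub` is a hypothetical stand-in that reproduces only the `umask(0)` call (it does not fork), and the `/tmp` paths are constructed.

```c
#include <fcntl.h>
#include <stdio.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* Hypothetical stand-in for the side effect described in the report:
 * it only clears the umask. It is not radlib's code and does not fork. */
static void become_daemon_stub(void) { umask(0); }

/* Workaround from the report: save the caller's umask and restore it. */
static void become_daemon_keep_umask(void)
{
    mode_t saved = umask(0);   /* umask() returns the previous mask */
    become_daemon_stub();
    umask(saved);              /* undo the umask(0) left behind */
}

/* Create a file with requested mode 0666 (what fopen(path, "w") asks for)
 * and return the permission bits it actually received, or -1 on error. */
static int created_mode(const char *path)
{
    struct stat st;
    int fd, rc;

    unlink(path);
    fd = open(path, O_WRONLY | O_CREAT | O_EXCL, 0666);
    if (fd < 0)
        return -1;
    rc = fstat(fd, &st);
    close(fd);
    unlink(path);
    return rc == 0 ? (int)(st.st_mode & 0777) : -1;
}

/* Start from a typical umask of 022, daemonize, then create a file. */
static int mode_after(void (*daemonize)(void), const char *path)
{
    umask(022);
    daemonize();
    return created_mode(path);
}

int main(void)
{
    printf("umask(0) left in place: %04o\n", (unsigned)mode_after(become_daemon_stub, "/tmp/umask_demo_a.tmp"));
    printf("umask saved/restored:   %04o\n", (unsigned)mode_after(become_daemon_keep_umask, "/tmp/umask_demo_b.tmp"));
    return 0;
}
```

A quick check on an installed system is `find <data-dir> -perm -o+w -type f`, which lists files that are still world-writable.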