Package: rssh Version: 2.2.3-1.sarge.1 Severity: normal The included chroot making script copies /etc/passwd, which is potentially sensitive information (containing information about local users which maybe should not be shown to less-trusted people in a restricted environment), into the chroot. At the least I believe that it should print a warning indicating that it is doing this.
-- System Information: Debian Release: 3.1 Architecture: i386 (i686) Kernel: Linux 2.6.8-3-k7 Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) Versions of packages rssh depends on: ii debconf 1.4.30.13 Debian configuration management sy ii ssh 1:3.8.1p1-8.sarge.4 Secure rlogin/rsh/rcp replacement -- debconf information: * rssh/chroot_helper_setuid: true * rssh/secnote: rssh/update-10: rssh/update-config-pre-2.2: -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
