"Brendan O'Dea" <[EMAIL PROTECTED]> wrote:
> ... there's more at stake here than just PATH, since perl for example has
> /usr/local/{lib,share}/perl earlier in @INC than /usr/{lib,share}/perl...
>
> I'm not sure what the emacs site-lisp search order is, but that may well
> provide a similar vector.
Thanks for pointing out those avenues of attack.
In your summary you seem to have missed that any machines that share user
files via writable NFS mounts are vulnerable. (Are vulnerable if you mount
an NFS filesystem that is writable to others.)
To keep the current group staff access and have a reasonably useful machine
(with users in group staff to make use of that access, or NFS mounts even
when there are no users in group staff), you would need to modify PATH in
base-files, @INC in perl, something in emacs, and possibly other things in
other packages. You would need to modify policy:
http://www.debian.org/doc/debian-policy/ch-opersys.html#s9.1.2
says
... /usr/local take precedence over the equivalents in /usr.
Could the settings
Severity: critical
Justification: root security hole
please be re-instated on this bug? In some common scenarios, current
arrangements allow root access. (The worst kind of "bug": mandated by
policy...)
Cheers,
Paul Szabo [EMAIL PROTECTED] http://www.maths.usyd.edu.au/u/psz/
School of Mathematics and Statistics University of Sydney Australia
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
