tag 405510 unreproducible
thanks

On Thursday 04 January 2007 at 05:02 +0200, Sami Liedes wrote:
> Package: eog
> Version: 2.16.2-1
> Severity: grave
> Tags: security
> Justification: user security hole
>
> This is a user security hole only on systems where the package is
> built. Sorry if this doesn't qualify it for the grave severity.
>
> The build process of eog sets the perms of the entire eog-$VERSION
> subdirectory and all its subdirectories to 777 before compilation.
> This allows a local attacker to do any nastiness to the source files
> or scripts that subsequently get packaged in a .deb. The attacker can
> also choose to run any code as the user building the package.

Sorry, but I can't reproduce it here, and eog isn't doing anything
special with permissions. There is certainly something wrong with your
setup.

--
 .''`.
: :' :   We are debian.org. Lower your prices, surrender your code.
`. `'    We will add your hardware and software distinctiveness to
  `-     our own. Resistance is futile.