The description given is somewhat incorrect. The escalation exists
whether run with -F or not. 033_-F_NOSETSID disables running setsid in
all cases. This means that running /etc/init.d/apache start and then not
closing the terminal (and people do have long-running shells like this)
leaves you vulnerable---this has been verified by Richard Thrippleton.

I've tested my patch and it closes this vulnerability while still
allowing use of apache with -F. Please could someone upload the NMU I
linked to above.

Thanks,
Matt

--
Matthew Johnson
http://www.matthew.ath.cx/

