2009/7/16 Nico Golde <n...@debian.org>: > This is not really a bug but a feature, you can disable it > editing /etc/slim.conf. However I agree this is not really a > nice feature in a default configuration. I think a big fat > note to README.Debian should be added to warn users of the > possible implications.
There doesn't seem to be anything in the source or the accompanying documentation that would suggest that the privilege elevation was intended or expected. (I just found another RC security bug in slim just by grepping for this. This time Debian-specific. Oh the joy...) I also find your suggestion horribly wrong on many levels. First, do you seriously believe that users should have to read and reread on upgrades the documentation of their, per average, 1000 installed packages just to keep their systems reasonably secure? -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
