On 16 March 2011 03:40, sean finney <sean...@debian.org> wrote: > On Wed, Mar 16, 2011 at 09:27:29AM +0000, Stephane Chazelas wrote: >> No, please look carefully. It's not "passwd" that's the >> symlink, it's foo (to /etc). rm would remove >> /var/lib/php5/foo/passwd, that is it would unlink the "passwd" >> entry from the directory pointed to by "foo", that is "/etc". > > oh, right. well good catch then, i guess we'll need to prepare > a stable security update...
Yes, I'm on it. For sid I'm inclined to make /var/lib/php5 uid: root, gid: www-data, and remove the world-rw mode. Why would we want to allow anyone else to use that dir anyway? perhaps I'm missing some bits of history. Cheers, -- Raphael Geissert - Debian Developer www.debian.org - get.debian.net -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
