This patch will be useful, but there is a security problem in its current form. The qemu-user-static package installs binfmt-misc entries with "flags: OC", which makes the binary honor setuid bits.
Regardless of whether it is a good idea or not, the envvars ought to be ignored in such a case. Some clever checks using getresuid(), or just geteuid() and getuid() when getresuid() is not available, surely have to done. There is probably some existing code for this in other programs... Best regards, -- Yann -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
