Package: gnupg
Version: 1.4.6-2
Severity: serious

gnupg binary is setuid root.

"ls -l /usr/bin/gpg
-rwsr-xr-x 1 root root 837304 2007-03-07 23:16 /usr/bin/gpg"

PROBLEMS

1) bugs in gnupg will potentially allow for rights-escalation by
   restricted users
2) Setuid flag was necessary for backwards-compatibility with 2.4.x
   kernels which are no longer supported by etch anyway, the flag can
   therefore be removed

SUGGESTION

- remove suid flag for user with

    chmod u-s /usr/bin/gpg

  Users can fix this issue by themselves by running this command as root.

- in order to find other setuid or setgid binaries type

    find / \( -perm -004000 -o -perm -002000 \) -type f -print

Please note that this error is architecture independent and that the
information given below is only about where the error was verified.

-- System Information:
Debian Release: etch
Architecture: i386 (i686)
Shell: /bin/sh linked to /bin/bash
Kernel: Linux 2.6.23.8

--
This report was not filed by reportbug and may therefore not be 100%
compliant with the Debian requirements - I am sorry for the inconvenience.