On Sat, Apr 12, 2008 at 05:52:17PM +0200, Helmut Grohne wrote: > Package: tss > Version: 0.8.1-3 > Severity: critical > Tags: security > Justification: root security hole > > tss has a setuid binary. The source code is src/main.c: > > sprintf(glob_string, "%s/.tss/*", getenv("HOME")); > > (before dropping setuid, needless to say) ---end quoted text---
-- أحمد المحمودي (Ahmed El-Mahmoudy) Digital design engineer SySDSoft, Inc. GPG KeyID: 0x9DCA0B27 (@ subkeys.pgp.net) GPG Fingerprint: 087D 3767 8CAC 65B1 8F6C 156E D325 C3C8 9DCA 0B27 -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]