Package: makejail Version: 0.0.5-7 Severity: serious makejail defines as a default: self.pathToLdConfig="/sbin/ldconfig"
On Ubuntu this is not the real ldconfig but a bash shell script. Therefore the config should point to self.pathToLdConfig="/sbin/ldconfig.real". Otherwise a bash shell will be introduced into *all* jails, introducing a completely unnecessary security risk. This also violates Debian's secure by default policy. That's what we wanted to avoid when creating a jail in the first time, didn't we? ;-) -- System Information: n/a -- no debconf information -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
