reassign 617938 debian-polic
severity 617938 normal
thanks

On Sat, Mar 12, 2011 at 09:25:58PM +0300, Vasiliy Kulikov wrote:
> Package: slrn
> Version: 1.0.0~pre16-1
> Severity: critical
>
> Directories /var/log/news/ and /etc/news/ have weird ownership -
> news:news. Some deb scripts use these directories as trusted and write
> to files located there, e.g. like this (from slrnpull.postinst):
>
>     echo "$RET" > /etc/news/server
>
> These directories must not be writable by non-root as it might
> compromise root via specially crafted symlinks/hardlinks/etc. created by
> user or group "news".
>
> As these directories are not owned by a single package, but are created
> by each package, all packages owning files in these directories might be
> vulnerable:
>
>     $ apt-file search /etc/news/ | cut -d: -f1 | uniq
>     ifgate
>     inn
>     inn2
>     inn2-inews
>     innfeed
>     leafnode
>     slrn
>     slrnpull
>     uucpsend
>
> If I should report this bug another way as it affects multiple packages,
> please tell me how I should do it.

This is part of the Debian policy (11.7). I'm reassigning this to debian-policy.

Cheers,
        Moritz
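
Added example, not part of the original messages or of any Debian package: a shell guard that a maintainer script could run before a write like the quoted `echo "$RET" > /etc/news/server`, refusing when the directory is not owned by the trusted uid, is group- or world-writable, or the target is a symlink. The function names and the optional trusted-uid argument are assumptions made for illustration.

```shell
#!/bin/sh
# Added example; dir_is_trusted, safe_write and audit_dirs are hypothetical names.

# dir_is_trusted DIR [TRUSTED_UID]
# Succeeds only if DIR is a real directory (not a symlink), owned by
# TRUSTED_UID (default 0, root) and not writable by group or others.
# Only DIR itself is checked, not its parent directories.
dir_is_trusted() {
    dir=$1
    trusted_uid=${2:-0}
    [ -d "$dir" ] && [ ! -L "$dir" ] || return 1
    # ls -ldn prints the mode string, link count and numeric owner uid.
    read -r mode links owner rest <<EOF
$(ls -ldn -- "$dir")
EOF
    [ "$owner" = "$trusted_uid" ] || return 1
    case $mode in
        ?????w*|????????w*) return 1 ;;   # group- or world-writable
    esac
    return 0
}

# safe_write FILE CONTENT [TRUSTED_UID]
# Writes CONTENT to FILE only when the containing directory is trusted
# and FILE is not a symlink. In a trusted directory nobody but the
# trusted uid can plant a symlink or hardlink between check and write.
safe_write() {
    target=$1
    content=$2
    dir_is_trusted "$(dirname -- "$target")" "${3:-0}" || return 1
    [ ! -L "$target" ] || return 1
    printf '%s\n' "$content" > "$target"
}

# audit_dirs DIR...
# Prints every existing DIR that a root-run script should not write into.
audit_dirs() {
    for d in "$@"; do
        [ -e "$d" ] || continue
        dir_is_trusted "$d" || printf 'untrusted: %s\n' "$d"
    done
}

# Usage: audit_dirs /etc/news /var/log/news
```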