Package: ncpfs Severity: serious ncpmount is suid root. A quick check through last patches for security problems and the code itself don't make me believe this is save.
The code uses weird checks including calls to clone(2). As ncp is mostly dead this is unlikely to change. I think it is best to remove the suid flag for now and if noone wants to do anything about it drop the package. Bastian -- System Information: Debian Release: wheezy/sid APT prefers testing APT policy: (990, 'testing'), (500, 'unstable'), (1, 'experimental') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 3.6-trunk-amd64 (SMP w/4 CPU cores) Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
