This one time, at band camp, Thijs Kinkhorst said:
> > Last, would a patch like the attached one do? I'm all but good in
> > Perl, so I might need help on that one.
>
> That would work indeed if you change the included module (and verify that
> that indeed also works, of course).
http:/
Hi Thomas,
On Tuesday 26 August 2008 08:17, Thomas Goirand wrote:
> Thijs Kinkhorst wrote:
> > First, I think it's always a good idea not to enable DEBUG by default.
>
> Sure, it's a mistake, I perfectly understand this.
>
> > Second, I don't think that it requires a "rewrite of the entire file" t
Thijs Kinkhorst wrote:
> First, I think it's always a good idea not to enable DEBUG by default.
Sure, it's a mistake, I perfectly understand this.
> Second, I don't think that it requires a "rewrite of the entire file" to fix
> it. Using PHP's tempnam() function to get the filenames instead of t
On Monday 25 August 2008 17:28, Thomas Goirand wrote:
> Second, do you guys think that setting the variable to DEBUG=0 by
> default, then writing a BIG BIG BIG warning next to it in the code is
> enough? Like: "WARNING: high security risk here if you set to DEBUG=1,
> high risk of symlink attack" t
Thijs Kinkhorst wrote:
> Hi,
>
>> Done as the mass-opening of symlink attack in /tmp was wrong in this case.
>
> I don't think closing this is the appropriate action. Sure, debug code is not
> top priority. But still, the fix is straightforward and puts extra protection
> on those running in deb
Christian Perrier wrote:
> Quoting Thomas Goirand ([EMAIL PROTECTED]):
>
>> I'm closing this bug. If you find that it still needs to be fixed, let
>> me know and reopen the bug.
>
> But then set it to wishlist
>
> This MBF is one of the worst I've ever seen.
I'm reopening the issue, as ther
Thijs Kinkhorst wrote:
> Hi,
>
>> Done as the mass-opening of symlink attack in /tmp was wrong in this case.
>
> I don't think closing this is the appropriate action. Sure, debug code is not
> top priority. But still, the fix is straightforward and puts extra protection
> on those running in deb
Quoting Thomas Goirand ([EMAIL PROTECTED]):
> I'm closing this bug. If you find that it still needs to be fixed, let
> me know and reopen the bug.
But then set it to wishlist
This MBF is one of the worst I've ever seen.
Hi,
> Done as the mass-opening of symlink attack in /tmp was wrong in this case.
I don't think closing this is the appropriate action. Sure, debug code is not
top priority. But still, the fix is straightforward and puts extra protection
on those running in debug mode. Besides, people tend to cop
Processing commands for [EMAIL PROTECTED]:
> reopen 496362
Bug#496362: The possibility of attack with the help of symlinks in some Debian
packages
Bug reopened, originator not changed.
> thanks
Stopping processing here.
Please contact me if you need assistance.
Debian bug tracking
reopen 496362
thanks
DBTS> Done as the mass-opening of symlink attack in /tmp was wrong in this case.
Why wrong?
{
my $ent = shift;
if ($ent->head->mime_type eq 'message/rfc822') {
if ($DEBUG) {
unlink "/tmp/spam.log.$$" if -e "/tmp/spam.log.$$
Dmitry E. Oboukhov wrote:
> Package: dtc-common
> Severity: grave
>
> Hi, maintainer!
>
> This message about the error concerns a few packages at once. I've
> tested all the packages (for Lenny) on my Debian mirror. All scripts
> of packages (marked as executable) were tested.
>
> In some
Package: dtc-common
Severity: grave
Hi, maintainer!
This message about the error concerns a few packages at once. I've
tested all the packages (for Lenny) on my Debian mirror. All scripts
of packages (marked as executable) were tested.
In some packages I've discovered scripts with errors w