Package: console-setup
Version: 1.33
Severity: grave
User: ubuntu-de...@lists.ubuntu.com
Usertags: origin-ubuntu karmic
While merging console-setup 1.33 into Ubuntu, I happened to notice that
debian/config.proto contains a few instances of code like this:
echo unsupported_layout=$unsupported_layout >>/tmp/cslog # asdf
We can't leave this sort of thing in packages uploaded to the archive,
IMO; that means that any local user on a system they know is likely to
be upgraded soon can create a symlink called /tmp/cslog and have root
overwrite any file they like. (Admittedly they can only get root to
write out rather specific text to that file, but it would still be
enough to break the system if they just wanted to be randomly
destructive.)
Anton, I'm filing this bug rather than just correcting it because I'm
not sure what you want to achieve here. Was it just code you committed
by accident, or do you explicitly want to have extra logging in the
package? If the latter, I'd suggest perhaps calls to logger(1) guarded
by an environment variable.
Thanks,
--
Colin Watson [cjwat...@ubuntu.com]
--
To UNSUBSCRIBE, email to debian-boot-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
