Package: busybox Version: 1:1.20.0-7 Severity: important Tags: security patch upstream fixed-upstream pending
When device node or symlink in /dev should be created inside 2-or-deeper subdirectory (/dev/dir1/dir2.../node), the intermediate directories are incorrectly created with mode 0777, which is an obvious security issue. mdev is an alternative for udev, but since udev is used almost universally, and many packages depend on it, mdev isn't used often. Also, subdirs of more than one level are not common, especially with mdev which, unlike udev, has limited "language" to construct filenames/symlinks, so often, when mdev is used, a task of creating device nodes with complex names is implemented using an external script instead. However it is important to fix this to avoid surprizes. The issue has been fixed upstream in commit 4609f477c7e043a4f6147dfe6e86b775da2ef784. -- To UNSUBSCRIBE, email to debian-boot-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20130301084436.9719.88191.reportbug@gandalf.local
