On Tue, 27 Nov 2007 15:57, [EMAIL PROTECTED] said: > Severity: serious
I doubt that this is a serious problem. The option to install gpg suid(root) has been there for nearly a decade. gpg is diligent to drop suid as soon as possible (after mlock and even before parsing options) and even checks that this has been done before doing any file access. > 1) bugs in gnupg will potentially allow for rights-escalation by restricted > users Right, problems should be minimized if possible. > 2) Setuid flag was necessary for backwards-compatibilty with 2.4.x kernels > which are no longer supported by etch anyway, the flag can therefore be > removed If this is the case, it should not be installed suid anymore. Salam-Shalom, Werner -- Die Gedanken sind frei. Auschnahme regelt ein Bundeschgesetz. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
