Package: links2 Version: 2.1pre37-1.1 Severity: critical Justification: root security hole Tags: security
*** Please type your report below this line *** I chown links.cfg in users .links2 directory to root:root. I set up proxy to 127.0.0.1:8080 for filtering. I set permisions on links.cfg to -for example- 100600. When a user changes proxy settings by the links2 menu options, the links.cfg file ownership changes to the user and permissions are also overewritten. -- System Information: Debian Release: 5.0.1 APT prefers stable APT policy: (500, 'stable') Architecture: i386 (i686) -- To UNSUBSCRIBE, email to [email protected] with a subject of "unsubscribe". Trouble? Contact [email protected]
