Package: phoronix-test-suite Version: 4.6.0-1 Severity: critical Tags: security Justification: root security hole
Hi. The only way to operate PTS seems to be by installing the respective tests from OpenBenchmarking.org, right? Given that this introduces completely unchecked and untrusted software, for which moreover no security support is covered by Debian,... this package should IMHO give big warnings about that fact, at least: - in the package description and- - in a debconf dialogue. Marking as root security hole, even though the software runs probably as normal user, but such remote software could expoloit any further local security hole. Cheers, Chris. -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
