Your message dated Sat, 6 Apr 2019 06:43:20 +0200
with message-id <34c069a3-16a1-ecf3-4f6c-1ab04be80...@debian.org>
and subject line apport was removed from Debian
has caused the Debian Bug report #924692,
regarding apport: /var/crash/.lock created insecurely
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
924692: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=924692
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: apport
Version: 2.20.4-5
Tags: security
Apport tries to create /var/crash/.lock if doesn't exist already. But
/var/crash/ is world-writable, so a malicious local user could do:
ln -sf /nonexistent /var/crash/.lock
to prevent Apport from creating the lock file.
--
Jakub Wilk
--- End Message ---
--- Begin Message ---
Version: 2.20.4-5+rm
apport has been removed from Debian/experimental, it was never part of
unstable. See https://bugs.debian.org/924960 for details on the removal.
I'm therefore closing the remaining bugs.
Andreas
--- End Message ---
