Hi Yavor,

On Mon, Nov 23, 2009 at 09:45:58PM +0200, Yavor Doganov wrote:
> At Thu, 19 Nov 2009 11:26:39 -0500,
> Barry deFreese wrote:
> | avifile-utils: setuid-binary usr/bin/kv4lsetup 4755 root/root
> but this override was added by the original maintainer (also
> upstream), which of course doesn't mean it's right.

I had a short look at the program in question. It looks well written in that it tries hard to validate all user input and avoid race conditions. On the other hand I did not check all the xlib calls and do not know the implications of all those ioctls.

Hope that helps

Helmut

PS: If in doubt always ask the security team or at least use the debian-au...@shellcode.org mailing list for questions.