Bug#334764: marked as done (type1inst creates Fontmap and fonts.scale with 755 permissions)

Wed, 16 Apr 2008 15:24:47 -0700 

Your message dated Wed, 16 Apr 2008 23:21:04 +0100
with message-id <[EMAIL PROTECTED]>
and subject line type1inst has been removed from Debian, closing #334764
has caused the Debian Bug report #334764,
regarding type1inst creates Fontmap and fonts.scale with 755 permissions
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [EMAIL PROTECTED]
immediately.)


-- 
334764: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=334764
Debian Bug Tracking System
Contact [EMAIL PROTECTED] with problems
--- Begin Message --- 
Package: type1inst
Version: 0.6.1-4
Severity: minor


Though it doesn't affect normal use, I'm a little nervous about the
creation of root-owned files with execute permissions.  It seems to me
these files should have 644 rather than 755 permissions.

If somehow a malicious user could overwrite these files with a script,we
could have a potential security problem here.

I'd suggest changing the "system" commands that start out "chmod 755
..." to "chmod 644 ..." instead.  Is there any reason for having execute
permission on these files?  I can't see one.

                -- A. T. Young

-- System Information:
Debian Release: 3.1
Architecture: i386 (i686)
Kernel: Linux 2.4.27-2-k7
Locale: LANG=en_US, LC_CTYPE=en_US (charmap=ISO-8859-1)

Versions of packages type1inst depends on:
ii  groff              1.18.1.1-7            GNU troff text-formatting system
ii  perl               5.8.4-8               Larry Wall's Practical Extraction 
ii  xutils             4.3.0.dfsg.1-14sarge1 X Window System utility programs

-- no debconf information

--- End Message ---
--- Begin Message --- 
Version: 0.6.1-6

The type1inst package has been removed from Debian testing, unstable and
experimental, so I am now closing the bugs that were still opened
against it.

For more information about this package's removal, read
http://bugs.debian.org/158476 . That bug might give the reasons why
this package was removed, and suggestions of possible replacements.

Don't hesitate to reply to this mail if you have any question.

Thank you for your contribution to Debian.

--
Marco Rodrigues

http://Marco.Tondela.org

--- End Message ---

Reply via email to