On Sun, Aug 12, 2001 at 08:47:12PM -0800, Ethan Benson wrote:
> Package: xinetd
> Version: 1:2.1.8.8.p3-2
> Severity: grave
> Tags: security woody
>
> This version of xinetd does NOT incorporate the 000 umask
> vulnerability patched in potato. To test this i created a fake telnet
> service which runs a shell script that echos the umask into a newly
> created file, the file was created mode 0666 and the umask written to
> the file was 0000. xinetd was stopped and started from a root shell
> having a 022 umask.
Gah, that was supposed to be Wichert's version of Solar Designer's version
of the fix that the upstream author used!
--
2. That which causes joy or happiness.
