Package: liblockdev1 Version: 1.0.1-3 Severity: important Hi,
liblockdev creates device lockfiles with full permissions using umask(00). A quote from the changelog: > * added change in umask value to allow full permissions to lock > files. (this is questionable: would it be better to add a > suid program to check and remove dangling locks?) This is in fact questionable and even useless as the directory /var/lock/ is ususally sticky. So only root can delete foreign dangling locks anyway. Suggestion: Remove umask(2) calls and leave removal of foreign dangling locks to the system admin. -- System Information Debian Release: testing/unstable Kernel Version: Linux electra 2.4.10-686 #1 Sat Sep 29 19:30:50 EST 2001 i686 unknown Versions of the packages liblockdev1 depends on: ii libc6 2.2.4-3 GNU C Library: Shared libraries and Timezone
