Bug#825119: [a...@debian.org: Re: Bug#825119: jmodeltest: creates world writable /var/log/jmodeltest]

2016-05-28 Thread Andreas Tille
e single user anyway. > > > > Kind regards > > > > Andreas. > > > > [1] https://bugs.debian.org/825119 > > > > ----- Forwarded message from Andreas Beckmann ----- > > > > Date: Tue, 24 May 2016 18:19:04 +0200 >

Bug#825119: [a...@debian.org: Re: Bug#825119: jmodeltest: creates world writable /var/log/jmodeltest]

2016-05-24 Thread Andreas Tille
n.org
Subject: Re: Bug#825119: jmodeltest: creates world writable /var/log/jmodeltest

On 2016-05-24 17:10, Andreas Tille wrote:
> Hi Andreas,
>
> thanks for running these tests. Could you please be more verbose in
> how far it is a problem if a program enables users to write logs on a

Bug#825119: jmodeltest: creates world writable /var/log/jmodeltest

2016-05-24 Thread Andreas Beckmann
On 2016-05-24 21:32, Andreas Tille wrote:
>> Perhaps you want 1777?
>
> Would you consider this a fix for the bug?

That will at least silence piuparts (a world writable directory with sticky bit is accepted). I leave it to you whether you want to escalate the "insecure tempfile creation" as a se

Bug#825119: jmodeltest: creates world writable /var/log/jmodeltest

2016-05-24 Thread Andreas Tille
On Tue, May 24, 2016 at 06:19:04PM +0200, Andreas Beckmann wrote:
> On 2016-05-24 17:10, Andreas Tille wrote:
> > Hi Andreas,
> >
> > thanks for running these tests. Could you please be more verbose in
> > how far it is a problem if a program enables users to write logs on a
> > collective pla

Bug#825119: jmodeltest: creates world writable /var/log/jmodeltest

2016-05-24 Thread Andreas Beckmann
On 2016-05-24 17:10, Andreas Tille wrote:
> Hi Andreas,
>
> thanks for running these tests. Could you please be more verbose in
> how far it is a problem if a program enables users to write logs on a
> collective place which is the intention of enabling users to write
> there?
>
> I confirm t

Bug#825119: jmodeltest: creates world writable /var/log/jmodeltest

2016-05-24 Thread Andreas Tille
Hi Andreas,

thanks for running these tests. Could you please be more verbose in how far it is a problem if a program enables users to write logs on a collective place which is the intention of enabling users to write there?

I confirm that it's possible for other users to delete / change logs.

Bug#825119: jmodeltest: creates world writable /var/log/jmodeltest

2016-05-23 Thread Andreas Beckmann
Package: jmodeltest
Version: 2.1.10+dfsg-1
Severity: serious
User: debian...@lists.debian.org
Usertags: piuparts

Hi,

during a test with piuparts I noticed your package creates/ships a world writable directory.

From the attached log (scroll to the bottom...):

2m4.4s DEBUG: Starting command: ['c