> I agree to this, a maintainer-script shouldn't just write on random
> places on the filesystem.
> For instance, looking a bit better at the code, I think it has a serious
> security problem. What if a malicious user would do the following:
>
> touch mydata.gwb
> ln -s /sbin/init mydata.update.gw
On Wed, 13 Apr 2005 07:34:31 +0200
Christian Perrier <[EMAIL PROTECTED]> wrote:
> Quoting Tim Dijkstra (tdykstra) ([EMAIL PROTECTED]):
>
> > All this unasked for. A maintainer script has no business messing
> > around with people's data!
>
> It does not. It *adds* a xxx.update.gw file along with
Quoting Tim Dijkstra (tdykstra) ([EMAIL PROTECTED]):
> Package: geneweb
> Version: 4.10-6
> Severity: grave
>
>
> The prerm of geneweb finds files that it thinks are geneweb databases
> located everywhere on the system and starts altering them (updating,
> moving, etc).
updating: no
moving : no
Package: geneweb
Version: 4.10-6
Severity: grave
The prerm of geneweb finds files that it thinks are geneweb databases
located everywhere on the system and starts altering them (updating,
moving, etc).
All this unasked for. A maintainer script has no business messing around
with people's data!
I