Your message dated Mon, 3 Oct 2016 09:17:41 +0200
with message-id <[email protected]>
and subject line Re: [pkg-fgfs-crew] Bug#780867: Bug#780867: flightgear:
further restrict nasal permissions
has caused the Debian Bug report #780867,
regarding flightgear: further restrict nasal permissions
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
780867: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=780867
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: flightgear
Version: 3.0.0-5
Severity: important
Tags: confirmed
Hi,
as discovered by Adam D. Barratt, FlightGear's script language Nasal
could better sandbox the scripts executed:
* write access to /tmp/*.xml is likely unneeded, see the upstream
discussion, here:
http://sourceforge.net/p/flightgear/mailman/message/33619992/
* symlinks are followed, which allows breaking out of the permitted
directories with a proper symlink.
This mostly serves as a reminder and tracking bug for myself.
Regards
Markus Wanner
signature.asc
Description: OpenPGP digital signature
--- End Message ---
--- Begin Message ---
Control: fixed -1 1:2016.2.1+dfsg-1
This has been fixed upstream since the 2016.x release.
Regards
Markus Wanner
signature.asc
Description: OpenPGP digital signature
--- End Message ---
