Package: lessdisks-terminal Version: 0.5.3cvs.20040906-11 Severity: important Tags: patch
when lessdisks terminals mount a writeable filesystem using tmpfs (the default), which mounts the directory (/var/state/lessdisks by default) with very loose permissions- allowing any user to write to the directory... not real likely, but a possible security risk. attached patch should fix this issue. live well, vagrant -- System Information: Debian Release: 3.1 APT prefers testing APT policy: (500, 'testing') Architecture: i386 (i586) Kernel: Linux 2.6.8-2-386 Locale: LANG=es_US, LC_CTYPE=es_US (charmap=ISO-8859-1)
--- base/init.d-scripts/lessdisks.orig 2005-02-23 22:00:25.000000000 -0800
+++ base/init.d-scripts/lessdisks 2005-02-23 22:00:46.000000000 -0800
@@ -47,7 +47,7 @@
ramfs) mount -t ramfs -o rw $rw
echo "mounting ramfs on $rw"
;;
- tmpfs) mount -t tmpfs -o rw,size=$tmpfs_size tmpfs $rw
+ tmpfs) mount -t tmpfs -o rw,size=$tmpfs_size,mode=0755 tmpfs $rw
echo "mounting tmpfs on $rw"
;;
translucency) ;;
signature.asc
Description: Digital signature
