Nicolas George wrote:
> Package: libgphoto2-2
> Version: 2.2.1-12
> Severity: grave
> Tags: security
>
> In /etc/udev/libgphoto2_generic_ptp_support.rules, there is the following
> rule:
>
> ACTION=="add", SUBSYSTEM=="usb_device", ENV{INTERFACE}="6/1/1", \
> PROGRAM="/bin/sh -c 'K=%k; K=$${K#usbdev}; printf bus/usb/%%03i/%%03i
> $${K%%%%.*} $${K#*.}'", \
> NAME="%c", MODE="0660", GROUP="plugdev"
>
> The single = sign after ENV{INTERFACE} means that the INTERFACE environment
> variable is set, not queried. The result is that all USB devices, and not
> only the PTP ones, are set to the plugdev group, thus giving some users
> access to devices they should not have access to.
>
> Suggested fix: put two equals signs
Sorry I could not handle this earlier. Unfortunately putting two
equal signs doesn't work.
Unfortunately while I thought I finally managed to get a udev rule
working for generic PTP cameras, it appears it is broken and I can
only suggest I remove it. This will be a regression with regards
to Sarge where hotplug was used but I can't see any other mean.
vorlon: would such an upload have chances to get into etch ?
Regards,
Frederic
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
