Denis Barbier <[EMAIL PROTECTED]> writes: > > On Tue, 14 Mar 2000, Dylan Paul Thurston wrote: > > > On Tue, Mar 14, 2000 at 01:11:03PM +0100, Stephane Bortzmeyer wrote: > > > Since the teTeX in slink works fine and the one is potato is broken > > > (a bug in babel which prevents compilation of *every* document in > > > French), I prefer the old stuff. > > > > Surely that should be an important bug (#42698)? In fact, browsing > > the bugs against tetex-base, several of them seem important, including > > at least one security bug (#57746, same as #32652). Should I upgrade > > them? Unfortunately, the security bug seems non-trivial to fix. > > Where is this security flaw? > There has been no response to the question asked by Christoph Martin on > 1 Feb 1999 > <URL:http://cgi.debian.org/cgi-bin/bugreport.cgi?archive=no&bug=32652> >
We discussed that issue widely in the past. There is no real risc in having this directories world writable. If only ths ls -lR file is not writable. This file is updated from cron every night and we are working on a suid-script which can do it from users. Christoph -- ============================================================================ Christoph Martin, Uni-Mainz, Germany Internet-Mail: [EMAIL PROTECTED] --------------export-a-crypto-system-sig -RSA-3-lines-PERL------------------ #!/usr/bin/perl -sp0777i<X+d*lMLa^*lN%0]dsXx++lMlN/dsM0<j]dsj $/=unpack('H*',$_);$_=`echo 16dio\U$k"SK$/SM$n\EsN0p[lN*1 lK[d2%Sa2/d0$^Ixp"|dc`;s/\W//g;$_=pack('H*',/((..)*)$/) #what's this? see http://www.dcs.ex.ac.uk/~aba/rsa/