On Tue, 2009-03-02 at 10:00 -0500, Yaroslav Halchenko wrote: > > It is a PITA for development but ... > hm... sorry, but I don't see the actual point...
It's actually quite easy for someone in the 'staff' group to get root privileges ... I told secur...@debian.org on Sunday exactly how and exactly how to fix it but no-one got back to me about whether they care. It also requires some social engineering but nothing that would be suspicious. Anyhow, I'm writing stuff to do sysadmin so for me that's the point. Because /usr/local comes first in the default perl and python paths the 'staff' group is automatically trusted ... and I'm not so trusting. -- --gh -- To UNSUBSCRIBE, email to debian-python-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
