Hi,

On Wed, Oct 29, 2008 at 12:20 PM, Bastian Blank <[EMAIL PROTECTED]> wrote:
> It includes severe FHS violations and produces security problems with
> this, see #475737 for reference.

I agree that it is an FHS violation that will be fixed in unstable and that we have lived with the problem in sarge and etch, but I do not agree that it is a security problem. That is why I ask for an exception for lenny. Let me quote from the bug report:

"... every web application has read access to /etc/otrs/database.pm which means it can create havoc in the database, install stored procedures and so on. Every other webapp with a database has the same problem - not only otrs. It is the duty of the local admin to make sure that the installation is safe. I do not understand what is so special about otrs..."

"It is not hard to modify foreign databases when it comes to webapps that are executed by the same httpd user and BTW stored procedures are executed in the context of the postgres user."

I am sorry that the FHS issue cannot be fixed easily but the bug report came very late before the freeze.

Cheers,
Torsten

-- 
http://twerner.blogspot.com