Bug#298060: (forw) Bug#298060: Please don't install login as setuid root

2005-03-08 Thread Michael Banck
On Tue, Mar 08, 2005 at 05:03:11PM +0100, Wouter Verhelst wrote: > Op za, 05-03-2005 te 22:56 -0800, schreef Matt Zimmerman: > > On Sat, Mar 05, 2005 at 03:34:58PM +0100, Christian Perrier wrote: > > > > > Security and release teams, may I have your advice about this suggestion? > > > > > > As yo

Bug#298060: (forw) Bug#298060: Please don't install login as setuid root

2005-03-08 Thread Samuel Thibault
Wouter Verhelst, le mar 08 mar 2005 17:03:11 +0100, a dit : > Op za, 05-03-2005 te 22:56 -0800, schreef Matt Zimmerman: > > On Sat, Mar 05, 2005 at 03:34:58PM +0100, Christian Perrier wrote: > > > > > Security and release teams, may I have your advice about this suggestion? > > > > > > As you may

Bug#298060: (forw) Bug#298060: Please don't install login as setuid root

2005-03-08 Thread Wouter Verhelst
Op za, 05-03-2005 te 22:56 -0800, schreef Matt Zimmerman: > On Sat, Mar 05, 2005 at 03:34:58PM +0100, Christian Perrier wrote: > > > Security and release teams, may I have your advice about this suggestion? > > > > As you may know, I currently act as maintainer for the shadow package, > > but I'm

Bug#298060: (forw) Bug#298060: Please don't install login as setuid root

2005-03-07 Thread Steve Langasek
On Sun, Mar 06, 2005 at 05:24:06PM -0800, Matt Zimmerman wrote: > On Sun, Mar 06, 2005 at 04:34:32PM -0800, Joey Hess wrote: > > Has anyone looked at shadow's existing changelog? > > * /bin/login is suid root for several good reasons. For one, it allows > > daemons that use it to run as non

Bug#298060: (forw) Bug#298060: Please don't install login as setuid root

2005-03-07 Thread Martin Schulze
Christian Perrier wrote: > Security and release teams, may I have your advice about this suggestion? > > As you may know, I currently act as maintainer for the shadow package, > but I'm also aware of my own weaknesses when it comes at security (and > security-related) issues so I prefer getting th

Bug#298060: (forw) Bug#298060: Please don't install login as setuid root

2005-03-07 Thread Matt Zimmerman
On Sun, Mar 06, 2005 at 10:19:08PM -0800, Joey Hess wrote: > Matt Zimmerman wrote: > > I'm more than willing to consider telnetd a legacy, insecure-by-design > > component for which it is justified to require a non-default configuration. > > , my multiple uses of telnetd are all secure. :-P I ju

Bug#298060: (forw) Bug#298060: Please don't install login as setuid root

2005-03-06 Thread Christian Perrier
Quoting Joey Hess ([EMAIL PROTECTED]): > Has anyone looked at shadow's existing changelog? Honestly, no..:-) > see shy jo (hurrah for changelog abuse!) Yep. Sometimes this helps especially for packages where Debian specific changes are noticeable. Well, about this issue, I think I'll delay this

Bug#298060: (forw) Bug#298060: Please don't install login as setuid root

2005-03-06 Thread Joey Hess
Matt Zimmerman wrote: > I'm more than willing to consider telnetd a legacy, insecure-by-design > component for which it is justified to require a non-default configuration. , my multiple uses of telnetd are all secure. :-P -- see shy jo

Bug#298060: (forw) Bug#298060: Please don't install login as setuid root

2005-03-06 Thread Matt Zimmerman
On Sun, Mar 06, 2005 at 04:34:32PM -0800, Joey Hess wrote: > Has anyone looked at shadow's existing changelog? > > * /bin/login is suid root for several good reasons. For one, it allows > daemons that use it to run as non-root. This is a good thing since it > means only one program is r

Bug#298060: (forw) Bug#298060: Please don't install login as setuid root

2005-03-06 Thread Joey Hess
Has anyone looked at shadow's existing changelog? * /bin/login is suid root for several good reasons. For one, it allows daemons that use it to run as non-root. This is a good thing since it means only one program is running as root, and not several. closes: #17911 -- Ben Collins <[EMA

Bug#298060: (forw) Bug#298060: Please don't install login as setuid root

2005-03-06 Thread Steve Langasek
explain why this is actually useful (since no one else can think of a reason). -- Steve Langasek postmodern programmer > - Forwarded message from Martin Pitt <[EMAIL PROTECTED]> - > > Subject: Bug#298060: Please don't install login as setuid root > Reply-To: Martin

Bug#298060: (forw) Bug#298060: Please don't install login as setuid root

2005-03-06 Thread Christian Perrier
> (what does this have to do with debian-release?) Because I was wondering whether such change would be appropriate to have in sarge and I wanted to get the wise advice of our release managers...:)

Bug#298060: (forw) Bug#298060: Please don't install login as setuid root

2005-03-06 Thread Matt Zimmerman
On Sun, Mar 06, 2005 at 05:10:59AM -0600, Bill Allombert wrote: > On Sat, Mar 05, 2005 at 10:56:45PM -0800, Matt Zimmerman wrote: > > FWIW, We've been doing this for some time in Ubuntu, and no one has > > missed it. In this age of pseudoterminals and single-user systems... > > Because that is t

Bug#298060: (forw) Bug#298060: Please don't install login as setuid root

2005-03-06 Thread Bill Allombert
On Sat, Mar 05, 2005 at 10:56:45PM -0800, Matt Zimmerman wrote: > On Sat, Mar 05, 2005 at 03:34:58PM +0100, Christian Perrier wrote: > > > Security and release teams, may I have your advice about this suggestion? > > > > As you may know, I currently act as maintainer for the shadow package, > > b

Bug#298060: (forw) Bug#298060: Please don't install login as setuid root

2005-03-05 Thread Matt Zimmerman
On Sat, Mar 05, 2005 at 03:34:58PM +0100, Christian Perrier wrote: > Security and release teams, may I have your advice about this suggestion? > > As you may know, I currently act as maintainer for the shadow package, > but I'm also aware of my own weaknesses when it comes at security (and > secu

Bug#298060: (forw) Bug#298060: Please don't install login as setuid root

2005-03-05 Thread Steve Kemp
On Sat, Mar 05, 2005 at 03:34:58PM +0100, Christian Perrier wrote: > Security and release teams, may I have your advice about this suggestion? > > As you may know, I currently act as maintainer for the shadow package, > but I'm also aware of my own weaknesses when it comes at security (and > secur

Bug#298060: (forw) Bug#298060: Please don't install login as setuid root

2005-03-05 Thread Christian Perrier
#298060: Please don't install login as setuid root Reply-To: Martin Pitt <[EMAIL PROTECTED]>, [EMAIL PROTECTED] Date: Fri, 4 Mar 2005 12:39:11 +0100 From: Martin Pitt <[EMAIL PROTECTED]> To: Debian Bug Tracking System <[EMAIL PROTECTED]> Package: login Version: 1:4.0.3-30

Bug#298060: Please don't install login as setuid root

2005-03-04 Thread Martin Pitt
Package: login Version: 1:4.0.3-30.9 Severity: wishlist Tags: patch Hi! /bin/login is currently installed setuid root, which is absolutely not necessary and only a potential security threat. In Ubuntu we install it as 0755 for ages now without any problems. Trivial patch, but for the record: