Martin Schulze wrote:
Joey Hess wrote:
If the security team wants to release an advisory for sarge and include
this update to base-config instead of a manual chmod command, that's
fine. base-config is the owner of record for the log files in sarge,
after all.
What would be the proper fix to
Joey Hess wrote:
Yes, the installation-report package owns the logs post sarge. In sarge,
purging base-config will remove the logs, but users may not want to do
that.
Great, but may I propose that base-config adopts installation logs in
sarge?
At least this patch seems quite simple. It just
Mikko Rapeli wrote:
Joey Hess wrote:
Yes, the installation-report package owns the logs post sarge. In sarge,
purging base-config will remove the logs, but users may not want to do
that.
Great, but may I propose that base-config adopts installation logs in
sarge?
At least this patch
Joey Hess wrote:
Mikko Rapeli wrote:
Joey Hess wrote:
Yes, the installation-report package owns the logs post sarge. In sarge,
purging base-config will remove the logs, but users may not want to do
that.
Great, but may I propose that base-config adopts installation logs in
sarge?
Martin Schulze wrote:
What would be the proper fix to this? Does only fixing base-config make
the bug go away for both new installations and existing installations?
On my machines base-config seems to be purged, on some others it has
status rc, which is not better either.
I'm sorry, I had
Joey Hess wrote:
Mikko Rapeli wrote:
Part b) could be fixed by using a stricter umask or plain cp instead of
'cp -a' in Sarge's 93save-install-log and Etch beta 1's 93save-debconf
( URL:
The genext2fs upload I am preparing fixes the permission problems. It
is current upstream cvs which is similar to what the upcoming 1.4
release will be.
The new version uses a new device table format. It looks to me like
debian-installer does not use the device table (instead it uses
Mikko Rapeli wrote:
So all files after install belong to some package post Sarge? I was just
wondering about this by my self.
Yes, the installation-report package owns the logs post sarge. In sarge,
purging base-config will remove the logs, but users may not want to do
that.
Installer may
tag 340981 - sarge
clone 340981 -1
reassign -1 genext2fs
severity -1 serious
retitle -1 genext2fs does not preserve file permissions in generated image
merge 338262 338263 -1
reassign 340981 prebaseconfig
close 340981 1.10
Mikko Rapeli wrote:
a) debian-installer root has very permissive
Package: debian-installer
Version: 20051026
Tags: security,sarge
debian-installer in Sarge leaves the directory
/var/log/debian-installer/cdebconf world writable:
# ls -ld `locate debian-installer | grep cdebconf`
drwxrwxrwx 2 root root4096 Sep 23 17:54
10 matches
Mail list logo