Package: dchroot
Severity: wishlist

dchroot invokes /bin/su with the original environment and EUID = UID =
0.  There is a slight potential that this might trigger harmful
behavior because to su, it looks as if it was run by root, and not
like a SUID invocation from an untrusted user.

Fortunately, all the critical LD_* variables are filtered by GNU libc
in a blacklist, so this is not directly exploitable.  But it's better
to play safe, IMHO (see the sudo problems in this area).

