subject:"Bug#924693\: apport\: \/var\/crash\/.lock is world\-writable"

Bug#924693: apport: /var/crash/.lock is world-writable

2019-03-18 Thread Jakub Wilk

* Ritesh Raj Sarraf , 2019-03-18, 20:06: Do you use apport ? No. Or have interest for it in Debian ? Also no. -- Jakub Wilk

Bug#924693: apport: /var/crash/.lock is world-writable

2019-03-18 Thread Ritesh Raj Sarraf

On Fri, 2019-03-15 at 22:40 +0100, Jakub Wilk wrote: > Apport creates /var/crash/.lock as readable and writable for anyone: > ># ls -l /var/crash/.lock >-rwxrwxrwx 1 root root 0 Mar 15 22:30 /var/crash/.lock > > This allows malicious local users to do bad things: > > * They could fill up

Bug#924693: apport: /var/crash/.lock is world-writable

2019-03-15 Thread Jakub Wilk

Package: apport Version: 2.20.4-5 Tags: security Apport creates /var/crash/.lock as readable and writable for anyone: # ls -l /var/crash/.lock -rwxrwxrwx 1 root root 0 Mar 15 22:30 /var/crash/.lock This allows malicious local users to do bad things: * They could fill up the disk, bypassing