What would you all think about packaging libmozjs185 and using it in
Debian too? Of course this code duplication makes long-term security
support more complicated.
Thanks,
--
.''`. Josselin Mouette
: :' :
`. `'
`-
--
rontend
and the backend instead. This way the backend doesn’t have to be
installed setuid root, and the user is authenticated before starting it.
Cheers,
--
.''`. Josselin Mouette
: :' :
`. `' “I recommend you to learn English in hope that you in
`- future understan
On Saturday 24 January 2009 at 15:39 +, Matthew Johnson wrote:
> > Clearly that’s not the case, since the original issue happens over
> > D-Bus. In this case, not for authentication, but clearly the application
> > launched as root can connect to the session bus.
>
> Well, clearly something el
On Saturday 24 January 2009 at 10:05 +, Matthew Johnson wrote:
> Well, if they are using DBUS this should be fine. You cannot connect to
> a session bus with a uid other than the one it is running as (including
> root)
Clearly that’s not the case, since the original issue happens over
D-Bus. I
On Saturday 24 January 2009 at 11:00 +0100, Reinhard Tartler wrote:
> Well, then how about gnome-keyring or other applications not expecting
> that behaviour should then check the effective user id in addition to
> the session cookie in the environment variable?
>
> In any case, this behaviour sho
On Saturday 24 January 2009 at 09:04 +0100, Reinhard Tartler wrote:
> the latter command indeed prunes the environment, and calling
>
> su -c gnome-terminal -
>
> successfully fails (heh) with failing to open a display. what's the
> problem here?
"su -" is actually pruning the environment as it s
Hi,
it has been brought to my attention (through #512803) that su does not
clean the environment at all. This has several security implications:
* variables like PERL5LIB or GTK_MODULES can be passed to another
user, leading to unwanted execution of code;
* variables like DBUS_
/etc/sudoers, which might be required for some scripts to continue to
> work.
How about the XAUTHORITY environment variable? Isn't it necessary to
run X11 applications?
Regards,
--
.''`. Josselin Mouette/\./\
: :' : [EMAIL PROTECTED]
`. `'
On Thu, 2004-08-05 at 15:00 +0200, Norbert Tretkowski wrote:
> * Josselin Mouette wrote:
> > On Wed, 2004-08-04 at 19:10 -0700, Matt Zimmerman wrote:
> > > For the unstable distribution (sid), these problems will be fixed
> > > soon.
> >
> > I've just u
r/lib/mozilla/components/libimglib2.so is not dynamically
linked with libpng, but still includes code from it.
(please CC me, I'm not on the list)
--
.''`. Josselin Mouette/\./\
: :' : [EMAIL PROTECTED]
`. `'[EMAIL PR