*** This bug is a security vulnerability *** You have been subscribed to a public security bug by Marc Deslauriers (mdeslaur):
Binary package hint: dpkg Hy, First, thank you for your work and sorry for my limited English. I find many debian package on internet, They are make by users passionate persons or by communities. The problem it is because many make a package by using the command : sudo dpkg-deb -b '/home/soft_version_all' But when the package is made like this, and it is installed, the typical user can modify its files in / I think the default package files should be writable only by root because many do not think to change the user or to chmod before use dpkg. ProblemType: Bug DistroRelease: Ubuntu 10.04 Package: dpkg 1.15.5.6ubuntu4 ProcVersionSignature: Ubuntu 2.6.32-22.36-generic 2.6.32.11+drm33.2 Uname: Linux 2.6.32-22-generic x86_64 NonfreeKernelModules: nvidia Architecture: amd64 Date: Thu Jun 17 14:57:15 2010 InstallationMedia: Ubuntu 10.04 LTS "Lucid Lynx" - Release amd64 (20100429) ProcEnviron: LANG=fr_FR.utf8 SHELL=/bin/bash SourcePackage: dpkg ** Affects: dpkg (Ubuntu) Importance: Undecided Status: New -- Package with dpkg-deb -b. https://bugs.edge.launchpad.net/bugs/595480 You received this bug notification because you are a member of Ubuntu Bugs, which is a direct subscriber. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs