*** This bug is a security vulnerability ***
You have been subscribed to a public security bug by Marc Deslauriers
(mdeslaur):
Binary package hint: dpkg
Hy,
First, thank you for your work and sorry for my limited English.
I find many debian package on internet, They are make by users passionate
persons or by communities.
The problem it is because many make a package by using the command :
sudo dpkg-deb -b '/home/soft_version_all'
But when the package is made like this, and it is installed, the typical
user can modify its files in /
I think the default package files should be writable only by root
because many do not think to change the user or to chmod before use
dpkg.
ProblemType: Bug
DistroRelease: Ubuntu 10.04
Package: dpkg 1.15.5.6ubuntu4
ProcVersionSignature: Ubuntu 2.6.32-22.36-generic 2.6.32.11+drm33.2
Uname: Linux 2.6.32-22-generic x86_64
NonfreeKernelModules: nvidia
Architecture: amd64
Date: Thu Jun 17 14:57:15 2010
InstallationMedia: Ubuntu 10.04 LTS "Lucid Lynx" - Release amd64 (20100429)
ProcEnviron:
LANG=fr_FR.utf8
SHELL=/bin/bash
SourcePackage: dpkg
** Affects: dpkg (Ubuntu)
Importance: Undecided
Status: New
--
Package with dpkg-deb -b.
https://bugs.edge.launchpad.net/bugs/595480
You received this bug notification because you are a member of Ubuntu Bugs,
which is a direct subscriber.
--
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
