Looking at http://sources.redhat.com/git/gitweb.cgi?p=systemtap.git;a=commit;h=b7565b41228bea196cefa3a7d43ab67f8f9152e2 , one thing that's done that's missing from your debdiff is to install staprun without world execute privileges and instead limit execution to users in the stapusr group, to minimize the risk from future vulnerabilities. Do you think you could add that?
-- CVE-2010-4170 and CVE-2010-4171: staprun module loading/unloading security fixes https://bugs.launchpad.net/bugs/677226 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
