[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Bug#286392: autopoint: Insecure temporary directory usage
|
From: |
Santiago Vila |
|
Subject: |
Re: Bug#286392: autopoint: Insecure temporary directory usage |
|
Date: |
Wed, 22 Dec 2004 19:51:34 +0100 (CET) |
Hi.
Martin "Joey" Schulze, from the security team, agree with me that this
is not really a bug, in the sense that we should not be responsible
for the user's own stupidity.
I should have stopped reading the report when it said:
"For example, consider the possibility of a user with an `open' umask"
but I didn't. I apologize to bug-gnu-utils readers.
Javier, if you still think this is a bug, please convince the security
team before reopening. The default umask in Debian is 022.
If we wanted to "support" insecure umasks set by the user, we would
have to report "security bugs" like this one against nearly all
packages in the archive. I don't think that would be reasonable.
Thanks.
- Re: Bug#286392: autopoint: Insecure temporary directory usage,
Santiago Vila <=