Re: Dependency reciprocity : real world problem with httpd and httpd-suexec

>The problem is that during the transaction, httpd-suexec (which got pulled 
>in as a dependency) got installed first, outputting the message "apache 
>group doesn't exist, using root"... BAD!

Really bad. I would think this bug needs fast attention. If you download a
package from a 3rd party that has buffer overflows and is setgid, you now have a
buggy program with buffer overflows running as root. Any setgid installation that
fails should never revert to root; it should fail immediately and let the admin
take care of it.

Was this filed in bugzilla?

-Steve Grubb
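
The fail-closed behaviour argued for in the message above, as an added example that is not part of the original post and not rpm's code: a Python helper that aborts when the named group is missing instead of substituting root. The names `resolve_group`, `install_privileged` and `MissingGroup`, and the group name used in the demo, are hypothetical.

```python
import grp
import os
import stat
import tempfile

SPECIAL = stat.S_ISUID | stat.S_ISGID


class MissingGroup(Exception):
    """The group named in the package manifest does not exist on this host."""


def resolve_group(name):
    # Hypothetical helper: look the group up by name and never substitute gid 0.
    try:
        return grp.getgrnam(name).gr_gid
    except KeyError:
        raise MissingGroup(f"group {name!r} does not exist; refusing to use root") from None


def install_privileged(path, group, mode):
    # Resolve first, so an unknown group aborts before anything on disk changes.
    gid = resolve_group(group)
    # Drop setuid/setgid while ownership changes, then set the final mode last
    # (chown by an unprivileged caller clears those bits anyway).
    os.chmod(path, stat.S_IMODE(os.stat(path).st_mode) & ~SPECIAL)
    os.chown(path, -1, gid)
    os.chmod(path, mode)
    return stat.S_IMODE(os.stat(path).st_mode)


if __name__ == "__main__":
    # Constructed sample: an empty temp file standing in for a packaged binary.
    with tempfile.NamedTemporaryFile() as f:
        try:
            install_privileged(f.name, "no-such-group-example", 0o2750)
        except MissingGroup as exc:
            print("install aborted:", exc)
        print("mode left at", oct(stat.S_IMODE(os.stat(f.name).st_mode)))
```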