[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: Dependency reciprocity : real world problem with httpd and httpd-suexec



>The problem is that during the transaction, httpd-suexec (which got pulled 
>in as a dependency) got installed first, outputting the message "apache 
>group doesn't exist, using root"... BAD!

Really bad. I would think this bug needs fast attention. If you download a
package from a 3rd party that has buffer overflows and is setgid, you now have a
buggy program with buffer overflows running as root. Any setgid installation that
fails should never revert to root, it should fail immediately and let the admin
take care of it.

Was this filed in bugzilla?

-Steve Grubb


		
__________________________________
Do you Yahoo!?
Yahoo! Mail is new and improved - Check it out!
http://promotions.yahoo.com/new_mail



[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]