Re: RfD: Preparing Debian 2.1r3
Martin Schulze wrote:
> package: bsdgames-nonfree
> version: 2.5-2
> minor bugfix, doesn't fit update criteria
It's actually a very very minor security fix. If you:
* have bsdgames-nonfree installed, but have set rogue non-sgid games and
* upgrade to a newer version
Then it would be sgid games for a minute in the window after the install and
before the postinst changes it back to the permissions you set, and if there
is a problem with it being sgid games, an attacker could exploit that in the
window.
Anyway, all packages in stable that use suidregister have this problem, and
I wouldn't lose much sleep over it.
--
see shy jo
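
The window described in the message above can be checked for from the administrator's side. The following is an added example, not part of the original post and not code from Debian or suidregister: it compares each file's on-disk mode with the mode the administrator intended and reports any setuid/setgid bit that is present but unwanted. The `path mode` list format and the function names are assumptions made for this example, and it relies on GNU coreutils `stat`.

```shell
#!/bin/sh
# Added example. Input list format (hypothetical): one "path octal-mode"
# pair per line, recording the mode the administrator wants for that file.

# audit_overrides LIST
# Prints "path on-disk-mode intended-mode" for every listed file whose
# on-disk mode carries a setuid (4000) or setgid (2000) bit that the
# intended mode does not have.
audit_overrides() {
    while read -r path want; do
        case $path in ''|\#*) continue ;; esac   # skip blanks and comments
        [ -e "$path" ] || continue               # file not installed
        have=$(stat -c %a "$path")               # GNU stat: octal mode
        # Special bits set on disk but absent from the intended mode.
        extra=$(( (0$have & 06000) & ~(0$want & 06000) ))
        if [ "$extra" -ne 0 ]; then
            echo "$path $have $want"
        fi
    done < "$1"
}

# Constructed sandbox that mimics the two states of an upgrade:
# the packaged sgid mode right after unpack, then the restored mode
# once the postinst has run.
demo() {
    dir=$(mktemp -d)
    touch "$dir/rogue"
    echo "$dir/rogue 0755" > "$dir/overrides"

    chmod 2755 "$dir/rogue"    # state inside the window
    echo "after unpack:   $(audit_overrides "$dir/overrides")"

    chmod 0755 "$dir/rogue"    # state after postinst
    echo "after postinst: $(audit_overrides "$dir/overrides")"

    rm -rf "$dir"
}

demo
```

Run from a periodic job or directly after package operations, a non-empty report means a file is currently more privileged than the administrator intended.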