Comment 74 for bug 13795

Message-Id: <email address hidden>
Date: Tue, 22 Mar 2005 14:37:14 +1100
From: <email address hidden>
To: <email address hidden>, <email address hidden>
Cc: <email address hidden>
Subject: Re: Bug#299007: base-files: Insecure PATH

> Could the settings
>>> Severity: critical
>>> Justification: root security hole
>>> please be re-instated on this bug? In some common scenarios, current
>>> arrangements allow root access.
>>
>> Could this be done, please, while we discuss (argue?) resolution?
>
> No, I think that would be far overstating the facts.

Are you sure there are no security issues, and absolutely sure there are no
root security holes, lurking in there?

I am tempted to publicize the issue on the BugTraq and FullDisclosure
mailing lists. Maybe I am wrong, and will suffer the humiliation of being
laughed at; or maybe I am right ...

(I know Matt thinks bugs.debian is public already, but it is quite obscure;
so the general public, Debian users, and other Linux/UNIX maintainers may
still be in the dark.)

Cheers,

Paul Szabo <email address hidden> http://www.maths.usyd.edu.au/u/psz/
School of Mathematics and Statistics University of Sydney Australia