Please remove secvpn source and binary
Bug #154730 reported by
Scott Kitterman
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
secvpn (Ubuntu) |
Triaged
|
Wishlist
|
Scott Kitterman |
Bug Description
Binary package hint: secvpn
secvpn | 2.21 | hardy/universe | source, all
This package appears to be broken, obsolete, and have a very poor security design. While looking into fixing Bug #152968, I noticed that in addition to still needing the long gone /etc/inittab, it also does interesting things like add its user to the sudoers group.
It looks to me like the init process, including setuid will have to be completely redone. Please have a look at this package and unless you think it can reasonably be made safe and funcitonal, remove it. There are plenty of other options in the repostories.
Changed in secvpn: | |
importance: | Undecided → Wishlist |
status: | New → Confirmed |
Changed in secvpn: | |
assignee: | nobody → kitterman |
status: | Incomplete → In Progress |
To post a comment you must log in.
could you try to talk to the debian maintainer if it's broken if would makes sense to get it removed there as well and would simply the work for Ubuntu