Comment 7 for bug 22052
Revision history for this message
|
|
#7 |
© 2004
Canonical Ltd.
•
Terms of use
•
Data privacy
•
Contact Launchpad Support
•
Blog
•
Careers
•
System status
•
bbfa235
(Get the code!)
On Tue, Sep 20, 2005 at 11:05:10AM +1000, Paul Szabo wrote:
> >> gnome-pty-helper can be made to write utmp/wtmp records with arbitrary
> >> DISPLAY (host) settings. I am not sure if it can be tricked into erasing
> >> existing records.
> > Why is this filed at severity: critical? What is the attack vector here
> > which permits root privilege escalation?
> I do not know any root escalation methods. When using reportbug, those
> options seemed to fit best, apologies if they were not; please change if
> appropriate. (For future reference: which options should I have used
> instead?)
Hmm... After rereading the definition at
<http://
for this bug to not fall under the description of 'critical', since the
security hole is present just from the installation of the package.
Cheers,
--
Steve Langasek Give me a lever long enough and a Free OS
Debian Developer to set it on, and I can move the world.
<email address hidden> http://