The debian-private mailing list leak, part 1. Volunteers have complained about Blackmail. Lynchings. Character assassination. Defamation. Cyberbullying. Volunteers who gave many years of their lives are picked out at random for cruel social experiments. The former DPL's girlfriend Molly de Blanc is given volunteers to experiment on for her crazy talks. These volunteers never consented to be used like lab rats. We don't either. debian-private can no longer be a safe space for the cabal. Let these monsters have nowhere to hide. Volunteers are not disposable. We stand with the victims.

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Draft: Security Alert Announce#1 Debian/GNU Linux#

To: Juergen Menden <menden@informatik.tu-muenchen.de>
Subject: Re: Draft: Security Alert Announce#1 Debian/GNU Linux#
From: Sven Rudolph <sr1@os.inf.tu-dresden.de>
Date: Thu, 31 Oct 1996 13:04:35 +0100
Cc: maor@ece.utexas.edu, debian-private@lists.debian.org, menden@papa.informatik.tu-muenchen.de
Importance: low
In-reply-to: Juergen Menden's message of Thu, 31 Oct 1996 11:54:38 +0100 (MET)
Priority: non-urgent
References: <199610302359.AAA27296@os.inf.tu-dresden.de> <Pine.GSO.3.95.961031113244.7754A-100000@koma.informatik.tu-muenchen.de>
Resent-from: debian-private@lists.debian.org
Resent-message-id: <"VqvU3.0._y5.GZ9Uo"@master.debian.org>
Resent-reply-to: debian-private@lists.debian.org
Resent-sender: debian-private-request@lists.debian.org

In article <Pine.GSO.3.95.961031113244.7754A-100000@koma.informatik.tu-muenchen.de> Juergen Menden <menden@informatik.tu-muenchen.de> writes:

> On Thu, 31 Oct 1996, Sven Rudolph wrote:
> > 
> > However it is easier for me to release a new package that is
> > inherently more secure than to fix a package 
> 
> well, i might be kassandra, but how can you do this? i mean
> "inherently more secure" isn't something which i would try
> to say about any software with more then 100 lines and which
> isn't verified useing mathematical methods, which i doubt
> have been used.

LPRng does not run as root, whereas lpr does. So even if you find a
bug in LPRng that causes it to run another program you won't get any
root priviliges.

Regarding CERT: Our job is to have it fixed before CERT Alerts
appear. After all, CERT isn't that fast ...

> > (This wasn't the first lpr security problem ...)
> 
> which means that now it has a lot possible security
> holes closed and secured.

It still runs as root. Which is unnecessary.

> > Currently I have one incompatibility that I couldn't solve: LPRng
> > seems to behave slightly differently when driving output filters, this
> > causes problems with netatalk.
> 
> and might break apsfilter or magicfilter? 

It works fine here with magicfilter and cti-ifhp.

	Sven
-- 
Sven Rudolph <sr1@inf.tu-dresden.de> ; WWW : http://www.sax.de/~sr1/

--
Please respect the confidentiality of material on the debian-private list.
TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word "unsubscribe" to
debian-private-REQUEST@lists.debian.org . Trouble? e-mail to Bruce@Pixar.com

Follow-Ups:
- Re: Draft: Security Alert Announce#1 Debian/GNU Linux#
  - From: Juergen Menden <menden@informatik.tu-muenchen.de>

References:
- Re: Draft: Security Alert Announce#1 Debian/GNU Linux#
  - From: Sven Rudolph <sr1@os.inf.tu-dresden.de>
- Re: Draft: Security Alert Announce#1 Debian/GNU Linux#
  - From: Juergen Menden <menden@informatik.tu-muenchen.de>

Prev by Date: Re: lpr vulnerability (was: Draft: Security Alert Announce#1 Debian/GNU Linux#)
Next by Date: Re: lpr vulnerability (was: Draft: Security Alert Announce#1 Debian/GNU Linux#)
Previous by thread: Re: lpr vulnerability (was: Draft: Security Alert Announce#1 Debian/GNU Linux#)
Next by thread: Re: Draft: Security Alert Announce#1 Debian/GNU Linux#
Index(es):
- Date
- Thread