The debian-private mailing list leak, part 1. Volunteers have complained about Blackmail. Lynchings. Character assassination. Defamation. Cyberbullying. Volunteers who gave many years of their lives are picked out at random for cruel social experiments. The former DPL's girlfriend Molly de Blanc is given volunteers to experiment on for her crazy talks. These volunteers never consented to be used like lab rats. We don't either. debian-private can no longer be a safe space for the cabal. Let these monsters have nowhere to hide. Volunteers are not disposable. We stand with the victims.

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Security: How we did it

To: Daniel Quinlan <quinlan@proton.pathname.com>
Subject: Re: Security: How we did it
From: Christoph Lameter <clameter@waterf.org>
Date: Mon, 18 Nov 1996 08:41:26 -0800 (PST)
Cc: debian-private@lists.debian.org
Importance: low
In-reply-to: <yf2hgmnzzpu.fsf@proton.pathname.com>
Priority: non-urgent
Resent-from: debian-private@lists.debian.org
Resent-message-id: <"cBIbz3.0.9E7.ZK9ao"@master.debian.org>
Resent-reply-to: debian-private@lists.debian.org
Resent-sender: debian-private-request@lists.debian.org

On 17 Nov 1996, Daniel Quinlan wrote:

quinlan >I agree, you haven't been laissez-faire.  In fact, you've been very
quinlan >"hands on" (rough antonym of the French).  You have made programs
quinlan >setuid without reviewing the security implications, warning users
quinlan >during installation, or taking steps to ensure that users couldn't
quinlan >exploit the programs.

In case of dosemu etc that was the security scheme provided by upstream.
None of my doing.

Regarding the netdiag package: The setuid's that were once part of the
package were only executable by a members of a certain group. Notice that
they were taken out after objections came up.

It would have been insecure if all would have had access by default which
was never the case with anything regarding setuids that I did personally.

quinlan >> One example: the very existence of a must world readable file like
quinlan >> /etc/passwd.
quinlan >
quinlan >Using shadow passwords fixes this.  Unless you install one of
quinlan >Chrisoph's packages, of course.

Look I have had enough of this nonsense. Ok. You found a security hole in
dosemu but to make this general claim is really irresponsible.

Why dont you take over the dosemu package and fix it? I have really enough
other things that need my attention than that nest of bugs.

--- +++ --- +++ --- +++ --- +++ --- +++ --- +++ --- +++ ---
PGP Public Key  =  FB 9B 31 21 04 1E 3A 33  C7 62 2F C0 CD 81 CA B5 

--
Please respect the confidentiality of material on the debian-private list.
TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word "unsubscribe" to
debian-private-REQUEST@lists.debian.org . Trouble? e-mail to Bruce@Pixar.com

Follow-Ups:
- permissions on setuid binaries
  - From: Daniel Quinlan <quinlan@proton.pathname.com>

References:
- Re: Security: How we did it
  - From: Daniel Quinlan <quinlan@proton.pathname.com>

Prev by Date: Re: Security: How we did it
Next by Date: Re: Binary-Only packages
Previous by thread: Re: Security: How we did it
Next by thread: permissions on setuid binaries
Index(es):
- Date
- Thread