The debian-private mailing list leak, part 1. Volunteers have complained about Blackmail. Lynchings. Character assassination. Defamation. Cyberbullying. Volunteers who gave many years of their lives are picked out at random for cruel social experiments. The former DPL's girlfriend Molly de Blanc is given volunteers to experiment on for her crazy talks. These volunteers never consented to be used like lab rats. We don't either. debian-private can no longer be a safe space for the cabal. Let these monsters have nowhere to hide. Volunteers are not disposable. We stand with the victims.
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

CDE

[CC Roell@xinside.com]

Various folks have been reporting problems with CDE. It seems from
the reports I'm getting that

a) 	AccelX were told about it in their version in December
b)	The bug is now well known in the community

The reports are that a CDE login gets put in the root group as well as the
correct groups. That is to say its probably got the bug fixed in xdm in 
1992/1993 and I'd guess not propagated into CDE by X/Open.

Root group itself isnt directly useful but it does mean the slightest 
permission slip lets people do stuff they shouldnt and most distributions
out of the box do have stuff group root writeable somewhere.

Can folks shipping CDE login to CDE as a normal user and use id to
see if they get a list something like:

	uid=502(foo) gid=502(foo) groups=0(root),502(foo),0(root),503(bar)

and tell me what product/revisions are/are not affected

Alan