The debian-private mailing list leak, part 1. Volunteers have complained about Blackmail. Lynchings. Character assassination. Defamation. Cyberbullying. Volunteers who gave many years of their lives are picked out at random for cruel social experiments. The former DPL's girlfriend Molly de Blanc is given volunteers to experiment on for her crazy talks. These volunteers never consented to be used like lab rats. We don't either. debian-private can no longer be a safe space for the cabal. Let these monsters have nowhere to hide. Volunteers are not disposable. We stand with the victims.

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Guy: Please change "frozen" to "stable" and release Debian 1.3 .



Thomas Koenig <ig25@mvmap66.ciw.uni-karlsruhe.de> writes:

> Bruce Perens wrote:
> 
> >I have a "go" from Brian, and he has a "go" from Dale and the testing team.
> 
> What about the chmod u-s for xterm?  Will this be prominently mentioned

NO.

This breaks MANY things.  It does not allow utmp/wtmp entry writing,
causing the session to not be recognized by the system and utilities
such as finger, write, talkd, etc.  It does not allow changing
permissions on ptty devices, causing problems wherein anybody can
write to the terminal and anybody can and read the data being
displayed.  And these things are EASY to exploit, not requiring
in-depth knowledge as the Xt exploit.  And, AFAIK, nobody has publicly
posted an Xt exploit....

> in the docs, or even in the postinst scripts?

> Or do you want versions of Debian which contain a known exploitable
> suid root hole on CD? :-(

No.  But it's better than version of Debian in which multiple vital
system functions are totally hosed.

-- 
John Goerzen          | Running Debian GNU/Linux (www.debian.org)
Custom Programming    | 
jgoerzen@complete.org | 


--
TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word "unsubscribe" to
debian-private-request@lists.debian.org . 
Trouble?  e-mail to templin@bucknell.edu .