[Bug 469585] Review Request: moon-buggy - Drive and jump with some kind of car across the moon

bugzilla at redhat.com bugzilla at redhat.com
Sun Jan 4 14:57:05 UTC 2009




https://bugzilla.redhat.com/show_bug.cgi?id=469585





--- Comment #21 from Robert Scheck <redhat-bugzilla at linuxnetz.de>  2009-01-04 09:57:04 EDT ---
(In reply to comment #20)
> Both on my rawhide i386 system and koji scratch build
> fails (ref: http://koji.fedoraproject.org/koji/taskinfo?taskID=1031143)

Looks like my Rawhide system is then somehow broken, possibly. But that shouldn't
prevent us here from continuing; the packages for Fedora are built by the build
system anyway, which is hopefully not broken ;-)

> For /bin/vi case, the impact of the risk should be limited 
> to the person who intentionally tried to read the file.

And if the person intentionally doing this is root? Thus it is simply the
same case as vi. You unluckily didn't get my point.

> Then please do this in the safe way. By the way the basic problem
> I think is that the file "mbscore" is created by arbitrary person.

Patches by you are cheerfully accepted. As other packages having exactly (!)
the same got successfully reviewed, I'm definitely not going to change this
as downstream. This would be upstream's job, I'm not forking foreign software
as other packagers do, because we're just Fedora and because we're just
cool or we want to be better and more concerned about something than others.

Again, can you show me how to exploit or manipulate read_version2_data() or 
read_version3_data() somehow? As mentioned - my C knowledge isn't the best,
but the C code seems straightforward to me.

> Because Fedora is more careful? (actually security responsible
> team on RedHat is very concerned about setuid/setgid binaries:
> e.g.

> https://www.redhat.com/archives/fedora-security-list/2007-April/msg00004.html

That thread talks about SELinux, PAM and that setuid is not needed here at all;
wrong topic.
