[Debian-med-packaging] Bug#683647: logol: creates world writable directory: /var/lib/logol/results
Andreas Beckmann
debian at abeckmann.de
Thu Aug 2 14:04:25 UTC 2012
Package: logol
Version: 1.5.0-2
Severity: grave
Tags: security
Justification: user security hole
User: debian-qa at lists.debian.org
Usertags: piuparts
Hi,
during a test with piuparts I noticed that your packages creates a world
writable directory:
drwxrwxrwx 2 root root 40 Jul 1 21:59 /var/lib/logol/results
There any local user may delete/replace arbitrary files that were not
created by the user himself.
Andreas
More information about the Debian-med-packaging
mailing list