[Pkg-shadow-devel] Bug#276419: Overflated severity?
Nicolas François
nicolas.francois@centraliens.net
Thu, 24 Mar 2005 23:45:47 +0100
On Thu, Mar 24, 2005 at 10:09:07PM +0200, Alexander Gattin wrote:
> Hi!
>
> On Thu, Mar 24, 2005 at 07:14:57PM +0100, Christian Perrier wrote:
> > I'm afraid I don't really see the rationale behind the severity of
> > this bug report.
> >
> > Does it really deserve the "important" severity
>
> No. IMO.

Agreed. Since there is a very simple fix (escaping the arguments, which
people used to shell programming should be able to achieve), a normal (or
even minor) severity could be used.

    minor
        a problem which doesn't affect the package's usefulness, and is
        presumably trivial to fix.

> Also, I already had a look at this bug some time ago
> (half a year?). As far as I remember, the bug is fixed
> in upstream -- need to re-check.

Upstream's code for run_shell is very different (lots of PAM stuff) and
uses the arguments the same way as my patch.

I also tested it to make sure, and (with the exception that --shell is not
supported), it works.

If anybody changes the severity, it could also be tagged fixed-upstream.

BTW, do you think the options supported by Debian's su will be needed
after Sarge (currently it supports --command, --preserve-environment and
--shell, but IMHO upstream's su has no options)?

--
Nekral