| Summary: | media-libs/yiff runs as root and opens any file a client asks for | | |
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | Sune Kloppenborg Jeppesen (RETIRED) <jaervosz> |
| Component: | Default Configs | Assignee: | Gentoo Security <security> |
| Status: | RESOLVED INVALID | | |
| Severity: | normal | CC: | sound, vapier |
| Priority: | High | | |
| Version: | unspecified | | |
| Hardware: | All | | |
| OS: | Linux | | |
| URL: | http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=334616 | | |
| Whiteboard: | jaervosz | | |
| Package list: | | Runtime testing required: | --- |

Description
Sune Kloppenborg Jeppesen (RETIRED)
2005-10-19 10:37:51 UTC
I guess we would run it as user in the "sound" group... No "need" to run as root under Gentoo I guess. vapier, your opinion as the yiff guy?

We don't provide an init script afaict so it's more the responsibility of the user to choose under which rights it would run. But it should nevertheless be fixed (either documenting the problem or adding filters on what should not be opened). Setting to Default Configs.

CC'ing maintainer (sorry for the delay).

Sound please advise.

As vapier added and bumped it in the past, probably he's the one who should take care of this. I saw eradicator has done some work on that, but he's occupied and I don't have knowledge of yiff to help, and probably the same for the rest of sound herd.

vapier any news on this one?

Vapier any news on this one?

Vapier any news on this one?

vapier any news on this one?

I don't see anything calling yiff as root. As Koon pointed out there are also no initscripts. And no config files (just docs). A user should be no more inclined to run this as root than any other program. This bug imo can be closed as is unless we want to audit the source for fun.

Thx Solar.