Summary: | www-apps/webdavcgi-0.8.3[suid] breaks depclean | ||
---|---|---|---|
Product: | Gentoo Linux | Reporter: | Kent Fredric (IRC: kent\n) (RETIRED) <kentnl> |
Component: | Current packages | Assignee: | Christian Affolter <c.affolter> |
Status: | CONFIRMED --- | ||
Severity: | normal | CC: | dev-portage, dev-zero, proxy-maint |
Priority: | Normal | Keywords: | PullRequest |
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
See Also: | https://github.com/gentoo/gentoo/pull/10826 | ||
Whiteboard: | |||
Package list: | Runtime testing required: | --- |
Description
Kent Fredric (IRC: kent\n) (RETIRED)
2018-01-17 01:13:36 UTC
The relevant part of the Security Handbook regarding hard links is at the bottom of the page here: https://wiki.gentoo.org/wiki/Security_Handbook/File_permissions#SUID.2FSGID_binaries_and_hard_links Also see bug 81097. I would suppose to simply delete webdavcgi-0.8.3 (and 0.8.4 probably as well) from the tree, as the version is quite old and the switch away from using the 'webapp' functions was done quite a while ago. This was the main reason for keeping it around, so that the users might have some time to adapt to the new installation. (In reply to Christian Affolter from comment #2) > I would suppose s/suppose/propose/ I've decided to drop the legacy ebuild(s) which should solve this issue. The PR is available on GitHub: https://github.com/gentoo/gentoo/pull/10826 |