A problem has been discovered in resmgr, a resource manager library daemon and PAM module, that allows local users to bypass access control rules and open any USB device when access to one device was granted.
Ccing maintainer for advice : new version / patch ?
Pylon, any news ?
sbriesen, please comment if this can be removed or masked
please mask it in the first place. I will investigate it further. Perhaps there is a patch available. But with latest 2.6 kernels, resmgr is not so important anymore. So if there is no fix, I would remove it from portage.
Thank you, I masked it. Keeping bug open as enh. until patch/removal actually was never stable, so we dont need to care about tempglsa
I guess we can close this bug. reopen for final removal.
Stefan we (Security) normally keep bugs open until it is removed or unmasked again (with Severity enhancement).
ups. sorry. my fault.
# Stefan Cornelius <dercorny@gentoo.org> (27 May 2006) # Masked because of security bug #131866 sys-apps/resmgr Hasn't seen a release since 2003. Someone please remove this cruft, thanks.
Treecleaners turn. Please vote.
++
Yeah, I think this can be removed if the maintainers don't wish to keep it. Debian has a patch for it (at least from the looks of the dsa), but upstream is still at resmgr-1.0. So my vote is also, yes.
Removed, forgot about this one.