[php-maint] Bug#618489: php5-common: privilege escalation in /etc/cron.d/php5

Sean Finney seanius at debian.org
Thu Mar 17 21:37:52 UTC 2011


On Thu, 2011-03-17 at 09:45 +0000, Stephane Chazelas wrote:
> 
> Note that I gave a POSIX equivalent of that command.
> 
> Another reason for using -delete (you're using GNU syntax
> anyway) is that files are removed just after their time stamp is
> checked.

okay, so then i think we're all in agreement to use -delete and throw
out the -print0|xargs.  i double checked on kFreeBSD and find is also
built with O_NOFOLLOW there btw.

so regarding the maxdepth/prune... not sure that we have agreement on
whether this should go at stable/oldstable or not.  do we limit it to
unstable, or do we make the change and maybe add some notes for
-security to put in the DSA?

likewise, with the permissions change?


	sean
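
The cleanup form agreed on above (`find ... -delete` instead of `-print0|xargs`), combined with the `-maxdepth` limit still under discussion, as an added example that is not part of the thread or of the Debian package. The function names, the directory layout and the 24-minute threshold are assumptions made for the demonstration.

```shell
#!/bin/sh
# purge_old DIR MINUTES (hypothetical helper, not the packaged cron job):
# remove stale regular files that sit directly inside DIR.
purge_old() {
    dir=$1
    minutes=$2
    # -maxdepth 1 : never descend into subdirectories of DIR
    # -type f     : regular files only; a symlink is tested as a link (find
    #               defaults to -P), so it is neither followed nor matched
    # -delete     : find unlinks each file itself right after the -mmin test,
    #               with no path handed to a second process such as xargs rm
    find "$dir" -maxdepth 1 -type f -mmin "+$minutes" -delete
}

# demo: build a constructed directory tree, purge it, report what survived.
demo() {
    base=$(mktemp -d) || return 1
    mkdir "$base/sessions" "$base/sessions/sub" "$base/outside"
    touch -t 200001010000 "$base/sessions/sess_old"        # stale, top level
    touch "$base/sessions/sess_new"                         # fresh, top level
    touch -t 200001010000 "$base/sessions/sub/nested_old"  # stale, one level down
    touch -t 200001010000 "$base/outside/victim"           # stale, outside DIR
    ln -s "$base/outside/victim" "$base/sessions/link"      # link pointing outside

    purge_old "$base/sessions" 24

    result=""
    for p in sessions/sess_old sessions/sess_new \
             sessions/sub/nested_old outside/victim; do
        if [ -e "$base/$p" ]; then
            result="$result $p=kept"
        else
            result="$result $p=gone"
        fi
    done
    # -L checks the link itself, not its target
    if [ -L "$base/sessions/link" ]; then
        result="$result link=kept"
    else
        result="$result link=gone"
    fi
    rm -rf "$base"
    echo "${result# }"
}

demo
```

Only the stale top-level regular file is removed; the nested file, the symlink and the file it points to are left alone.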