[Secure-testing-team] Bug#516670: files owned by !root
Peter Palfrader
weasel at debian.org
Sun Feb 22 23:53:30 UTC 2009
Package: klibc-utils
Version: 1.5.12-2
Severity: serious
Tags: security
Files in /usr/share/lintian/overrides are not owned by root on lenny/alpha.
weasel at intrepid:~/tmp$ wget -nv http://ftp.de.debian.org/debian/pool/main/k/klibc/klibc-utils_1.5.12-2_alpha.deb
2009-02-23 00:51:51 URL:http://ftp.de.debian.org/debian/pool/main/k/klibc/klibc-utils_1.5.12-2_alpha.deb [248060/248060] -> "klibc-utils_1.5.12-2_alpha.deb" [1]
weasel at intrepid:~/tmp$ ar x klibc-utils_1.5.12-2_alpha.deb
weasel at intrepid:~/tmp$ tar tvzf data.tar.gz | grep lintian
drwxr-xr-x root/root 0 2008-08-11 16:53 ./usr/share/lintian/
drwxr-xr-x root/root 0 2008-08-11 16:53 ./usr/share/lintian/overrides/
-rw-r--r-- buildd/buildd 38 2008-08-11 16:52 ./usr/share/lintian/overrides/klibc-utils
Maybe because the alpha buildd uses -rsudo.
Cheers,
weasel
More information about the Secure-testing-team
mailing list