[Secure-testing-team] Bug#717536: phoronix-test-suite: installs software from outside debian

Christoph Anton Mitterer calestyo at scientia.net
Mon Jul 22 02:38:40 UTC 2013


Package: phoronix-test-suite
Version: 4.6.0-1
Severity: critical
Tags: security
Justification: root security hole


Hi.

The only way to operate PTS seems to be by installing the respective tests
from OpenBenchmarking.org, right?

Given that this introduces completely unchecked and untrusted software, for
which moreover no security support is covered by Debian,... this package
should IMHO give big warnings about that fact, at least:
- in the package description
and
- in a debconf dialogue.


Marking as root security hole, even though the software runs probably as
normal user, but such remote software could exploit any further local security
hole.


Cheers,
Chris.


