[Secure-testing-team] Bug#813681: apt-listbugs starts browser as root
Nick T.
nick at ncktsp.com
Thu Feb 4 10:24:09 UTC 2016
Package: apt-listbugs
Version: 0.1.17
Severity: wishlist
Tags: security
apt-listbugs when asked to display bug information in browser it starts the browser as root. Needless to say this is not a good idea and in specific circumstances a security issue.
listbugs should drop the superuser privileges before doing so. My recommendation is to launch the browser as 'nobody' by default and add a config option to set a custom user.
Regards,
Nick
More information about the Secure-testing-team
mailing list