← Back to team overview

puredyne-team team mailing list archive

  1. puredyne-team team
  2. Mailing list archive
  3. Message #00279

[Bug 501340] [NEW] insecure world-writable dir /usr (mode 040757)

  Thread PreviousDate PreviousThread Next 
*** This bug is a security vulnerability ***

Private security bug reported:

Both in liveUSB and after install, it seems /usr is world-writable (mode
040757) which is very insecure. I've grepped around a bit but I haven't
spotted why it's happening but I guess it's not deliberate - is it an
artefact of broth?

Also world-writable are /sbin and /etc - none of these should be world-
writable, right?

** Affects: puredyne-live
     Importance: Critical
         Status: New

** Changed in: puredyne-live
   Importance: Undecided => Critical

-- 
insecure world-writable dir /usr (mode 040757)
https://bugs.launchpad.net/bugs/501340
You received this bug notification because you are a member of puredyne
team, which is a direct subscriber.

Status in Puredyne liveCD/DVD/USB/HD: New

Bug description:
Both in liveUSB and after install, it seems /usr is world-writable (mode 040757) which is very insecure. I've grepped around a bit but I haven't spotted why it's happening but I guess it's not deliberate - is it an artefact of broth?

Also world-writable are /sbin and /etc - none of these should be world-writable, right?

Follow ups

References

  Thread PreviousDate PreviousThread Next