[Bug 692996] Re: No /etc/init.d script
Josep Pujadas-Jubany
692996 at bugs.launchpad.net
Thu May 17 11:36:19 UTC 2012
NOT A BUG !!! DESIGN SECURITY PROBLEM !!!
Please see /usr/share/doc/festival/changelog.Debian.gz:
festival (1.96~beta-7) unstable; urgency=high

  * Do not start festival server by default.
    (Closes: #466796)
  * Revert use of debconf.
  * debian/festival.preinst:
    + Check for obsolete configuration files.
  * debian/{festival.init,festival.scm}: Now example files,
    documented with warnings about potential security
    issues by their use.
  * debian/README.Debian: Document server start details.

 -- Kumar Appaiah <akumar at ee.iitm.ac.in>  Thu, 21 Feb 2008 09:40:52 +0530
And /usr/share/doc/festival/examples/festival.init (Ubuntu 12.04
LTS) says:
# WARNING: It is inherently insecure to run a festival instance as a
# server, mainly because it exposes the whole system to exploits which
# can be easily used by attackers to gain access to your
# computer. This is because of the inherent design of the festival
# server. Please use it only in a situation where you are sure that
# you will not be subjected to such an attack, or have adequate
# security precautions.
I found this, also: http://www.securityfocus.com/bid/25069/discuss
This affects only local users who can escalate to root privileges. So,
if you are (alone) using your own desktop, don't worry.
--
https://bugs.launchpad.net/bugs/692996