I've not been doing a fair bit of `real` hacking for the past few days... Looking through Debian packages for security holes.
Mostly this has been triggered by somebody mailing me and telling me that the Debian Auditing Project had really nasty webpages - so I've updated them.
Once I did that I got all enthusiastic and built up a list of all the setuid/setgid binaries in Debian stable, before starting to work my way through some of them.
So far I've had several Debian Security Advisories published - and I've got a few more issues to report.
Ideally I'd like to release one a day .. for the next few weeks!
At the moment I have five in hand to report, so there is the chance that I can manage it.
It's been productive week or so - it looks like there's the proposal to audit all new setuid/setgid binaries before they enter the distribution is going to be accepted, so we should be ahead of the game :)
In other life news I have a new cat.
I'm in love, she's beautiful and lovely and nice , and stuff :)