Bug#305600: [Pkg-shadow-devel] Bug#305600: Wait a second. This bug is not fixed

[Martin Quinson]

--wLAMOaPNJ0fu1fTG
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Sun, May 08, 2005 at 02:03:20PM +0200, Christian Perrier wrote:
> > happens. In my opinion, this is a unfixable bug. Whatever we do in logi=
n to
> > prevent it could be done by an attacker, too. But I may well be wrong.
>=20
> Please close this bug when all hairs have been careully cut in four
> parts (typical French joke).

The submitter spoke about magic kernel keys and how we should use them to
prevent the attack. If it's doable and if it makes attacker life harder, I
don't see the point of not doing so.

I agree that when you have physical access to the box, security becomes very
difficult, but I don't want to use this as an excuse for not trying to
secure the boxes under this really common setting.

So, I'd say that the ball is on the submitter side. How do you think we
could help here? What do you expects from us?

Bye, Mt.

--wLAMOaPNJ0fu1fTG
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: Digital signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.5 (GNU/Linux)

iD8DBQFCfhRkIiC/MeFF8zQRAs7tAJoCtR030Gmlgy0j/2z0+3ghFic9iQCgx5VS
2yeGGAb8u5qgbvwg9HLLkUs=
=qX2T
-----END PGP SIGNATURE-----

--wLAMOaPNJ0fu1fTG--