Bug#300720: Bug#300725: Bug#300720: [Pkg-shadow-devel] Bug#300720: Login: Configuration does not load limits.so while others do

Martin Quinson martin.quinson@loria.fr
Mon, 9 May 2005 09:56:05 +0200


On Mon, May 09, 2005 at 06:42:44AM +0200, Christian Perrier wrote:
> > Did you read the slashdot story about system being affected by
> > fork-bombs? Debian Woody was not. Several other distributions were
> > affected, and quickly changed their policy. If Sarge will be affected by
> > a simple fork-bomb that is a serious regression.
>
>
> Advice requested to security and release teams.....

My advice is to prepare an upload to sarge containing this, the login
setuid stuff, the open missing argument and any other comparable issues:
small security improvement, nothing else.

Then, if a new d-i gets built for more important reasons, this will be
right on the boat. If not, too bad. Those issues are not critical enough to
delay the release by a d-i building cycle.

> If only all those people nitpicking shadow could have made some work
> on it during the last year...:-(

I don't feel they're nitpicking. Security is important, and any bit securing
the place is worth it.

And if you were not here I would never have trusted myself to provide a
patch to shadow, not speaking of doing some real work on it. Don't blame
them, I would do the same if you were not here ;)


Bye, Mt.
