[Pkg-shadow-devel] A general summary about the shadow package bugs
Alexander Gattin
xrgtn at yandex.ru
Sun Oct 30 15:40:41 UTC 2005
Hello!
On Fri, Oct 28, 2005 at 10:25:23PM +0200, Christian Perrier wrote:
> #262453: login: su, sudo: Local security hole -- arbitrary character injection
>
> The bug seems pretty rhetorical and not everyone agrees it's
> worth "fixing" it.
I think we can work around this by using pts devices in
su, but this can break _some_ things (e.g. some
initscripts, I hope not a lot).
Also, as I said previously, the best solution is fixing
the _kernel_ WRT more strict access control about
_simulating_ _typing_ into someone else's tty/pty (I
mean TIOCSTI ioctl code).
> #334803: login: suspend command from su shell doesn't work again
>
> Alexander is working on it
I suspect sigaction() vs. signal() issue (su.c uses
sigaction() while newgrp.c uses signal()) and will try
to add a configuration option, i.e. #ifdef HAVE_SIGACTION
and at first will just try to compile su.c without
HAVE_SIGACTION, like we did WRT USE_PAM in useradd.c et
al.
> #277767: su segfaults using encrypted LDAP
>
> Alexander will try to reproduce it but it needs a quite
> complicated setup to do so
I'm determined to have a very similar setup at the lab.
> #332198: login: unable to determine TTY name, got /dev/pts/1
>
> We're still trying to figure out whether there is a bug
> or not. Not really clear as the bug is not easy to
> reproduce by the bug submitter
I suspect malformed utmp file as a cause for the bug,
but my stress test is unable to produce this situation
artificially (I'm not a pro in utmp, lastlog etc.) -- I
need advice here.
> #333138: chfn behaves bogusly when either fd 0, 1 or 2 is not a tty
>
> Discussion was in progress. Alexander seems to be working on the issue
The solution is trivial, I also fixed pwck and grpck
the same way, but I'm just waiting for Tomasz to
incorporate the patch I sent him almost a week ago.
--
WBR,
xrgtn