Bug#355268: [Pkg-shadow-devel] Bug#355268: passwd: config script
report errors when root user is disabled
Alexander Gattin
xrgtn at yandex.ru
Sat Mar 4 23:08:18 UTC 2006
Hi!
On Sat, Mar 04, 2006 at 07:08:20PM +0100, Nicolas François wrote:
> Anyway, I will add the x, because it fails with ash otherwise.
Yes, I had big concerns about not having "x" in front
of expanded password. However, because I didn't succeed
trying to exploit this using bash's test or GNU test
(/usr/bin/test), I didn't report my concerns.
// bash's test and GNU test are too cunning to
// allow exploit of [ "$smth" ] && [ "$smth" != '*' ]
// (more complex expressions may or may not be
// exploited, though...)
P.S.
> Your patch also makes root_password to return 0 when the /etc/passwd
> passwd is set to ! (and it does not check if the /etc/shadow passwd is set
> to !). What is it used for?
Yes, looks unnatural. Can '!' at all appear in
/etc/passwd? Maybe yes, when there's no /etc/shadow at
all...
P.P.S.
Should we reopen the bug and fix with more bulletproof
patch?
--
I didn't want to suggest "x" without providing POF...
xrgtn
More information about the Pkg-shadow-devel
mailing list