[Pkg-shadow-devel] Bug#505071: Bug#505071: Bug#505071: login tty mis-determination (see bug#332198)

Nicolas François nicolas.francois at centraliens.net
Mon Nov 10 11:17:01 UTC 2008


I think there are two different bugs:

 * one is that login relies on the utmp entry with the current PID
   In my opinion, this cannot be exploited because is_my_tty will detect

 * The other one is that between is_my_tty and chown, there is a race
   Changing chown (tty, ...) to fchown (0, ...) might work and might be

The first bug is not critical.

The second one should be fixed for Lenny, but tested first.

Best Regards,

More information about the Pkg-shadow-devel mailing list