[Pkg-shadow-devel] Bug#505071: Bug#505071: Bug#505071: login tty mis-determination (see bug#332198)

[Nicolas François]

Hello,

I think there are two different bugs:

 * one is that login relies on the utmp entry with the current PID
   In my opinion, this cannot be exploited because is_my_tty will detect
   it.

 * The other one is that between is_my_tty and chown, there is a race
   condition.
   Changing chown (tty, ...) to fchown (0, ...) might work and might be
   sufficient.

The first bug is not critical.

The second one should be fixed for Lenny, but tested first.

Best Regards,
-- 
Nekral