[Pkg-shadow-devel] Bug#505071: closed ... fixed in shadow 1:4.1.3-1
Paul Szabo
psz at maths.usyd.edu.au
Thu Apr 16 09:59:17 UTC 2009
Dear Nicolas,

> We believe that the bug you reported is fixed in ...
> login_4.1.3-1_i386.deb ...

The untrusted ut_line is now internally used for utmp only (so there
should be no security issues there), but is passed to PAM as PAM_TTY.
Thus an attacker could:
- cause securetty checks to fail resulting in a DoS, or
- bypass or trick some checks in pam_time or pam_group.

Please let me know if you require further details.

[Am puzzled that the bug embodied in is_my_tty() was left, and by the
insistence to use ut_line in preference to ttyname().]

Please re-open the bug.

Cheers, Paul

Paul Szabo psz at maths.usyd.edu.au http://www.maths.usyd.edu.au/u/psz/
School of Mathematics and Statistics University of Sydney Australia
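
An added example, not part of the original message and not shadow's own code, of the defensive pattern the report argues for: take the PAM_TTY value from the terminal that the descriptor is actually open on (via `ttyname_r()`), and treat a utmp `ut_line` only as a claim to cross-check. The names `line_matches_fd` and `pick_pam_tty` are hypothetical, and `ut_line` is assumed to have been copied into a NUL-terminated buffer first.

```c
#define _POSIX_C_SOURCE 200809L
#include <limits.h>
#include <stdio.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Return 1 only if `line` (a NUL-terminated copy of a utmp ut_line value) is a
 * relative name under /dev/ for the same character device that fd is open on. */
int line_matches_fd(const char *line, int fd)
{
    char path[PATH_MAX];
    struct stat by_name, by_fd;
    /* Reject empty, absolute or traversing names before touching the filesystem. */
    if (line == NULL || line[0] == '\0' || line[0] == '/' || strstr(line, "..") != NULL)
        return 0;
    if (snprintf(path, sizeof path, "/dev/%s", line) >= (int)sizeof path)
        return 0;
    if (stat(path, &by_name) != 0 || fstat(fd, &by_fd) != 0)
        return 0;
    if (!S_ISCHR(by_name.st_mode) || !S_ISCHR(by_fd.st_mode))
        return 0;
    return by_name.st_rdev == by_fd.st_rdev;
}

/* Hypothetical helper: choose the value to hand to PAM as PAM_TTY.
 * Returns 0 on success, -1 if fd is not a terminal or out is too small. */
int pick_pam_tty(int fd, const char *ut_line, char *out, size_t outlen)
{
    char real[PATH_MAX];
    const char *name;
    if (ttyname_r(fd, real, sizeof real) != 0)
        return -1;                      /* not a tty: refuse rather than guess */
    name = (strncmp(real, "/dev/", 5) == 0) ? real + 5 : real;
    /* The name derived from the descriptor always wins; ut_line is only cross-checked. */
    if (ut_line != NULL && !line_matches_fd(ut_line, fd))
        fprintf(stderr, "utmp line does not match %s, ignoring it\n", name);
    if (strlen(name) >= outlen)
        return -1;
    strcpy(out, name);
    return 0;
}

int main(void)
{
    char tty[PATH_MAX];                 /* "tty1" is a constructed ut_line value */
    int ok = pick_pam_tty(STDIN_FILENO, "tty1", tty, sizeof tty) == 0;
    printf("PAM_TTY: %s\n", ok ? tty : "(stdin is not a terminal)");
    return 0;
}
```

With this shape, a forged utmp entry can no longer steer what pam_securetty, pam_time or pam_group see as the terminal, because the claimed line never reaches PAM.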