[Pkg-shadow-devel] Bug#505071: Bug#505071: closed ... fixed in shadow 1:4.1.3-1
Nicolas François
nicolas.francois at centraliens.net
Thu Apr 16 13:23:55 UTC 2009
Hello,
On Thu, Apr 16, 2009 at 07:59:17PM +1000, psz at maths.usyd.edu.au wrote:
>
> > We believe that the bug you reported is fixed in ...
> > login_4.1.3-1_i386.deb ...
>
> The untrusted ut_line is now internally used for utmp only (so there
> should be no security issues there), but is passed to PAM as PAM_TTY.
Please state more clearly why it's untrusted, and why it's a problem.
This statement as such is useless, and as it seems you already have dig
into it, it should be easy for you report your findings.
If you have ideas on what should be done (or even better, patches), they
are welcomed. If you want to change the utmp handling of login, that's
fine, but please explain.
If I have to look again in the history of the bug, in the source, come back
to your statement, make a proposal, close the bug, receive this kind of
comment, etc. it is a waste of time.
> Thus an attacker could:
> - cause securetty checks to fail resulting in a DoS, or
> - bypass or trick some checks in pam_time or pam_group.
> Please let me know if you require further details.
Yes, further details would be welcomed.
> [Am puzzled that the bug embodied in is_my_tty() was left, and by the
> insistence to use ut_line in preference to ttyname().]
Am puzzled about that comment.
> Please re-open the bug.
Please do if it's the same bug (but with a rational).
Please open a new bug if it's another bug (explanations are also needed,
and proposals are welcomed)
Best Regards,
--
Nekral
More information about the Pkg-shadow-devel
mailing list