[Pkg-shadow-devel] Bug#505071: Bug#505071: closed ... fixed in shadow 1:4.1.3-1
Nicolas François
nicolas.francois at centraliens.net
Fri Apr 17 21:21:44 UTC 2009
reopen 505071
thanks
Hello,
On Fri, Apr 17, 2009 at 07:55:23AM +1000, psz at maths.usyd.edu.au wrote:
>
> Please see below. The patch of src/login.c is essential for security;
> I would prefer to use the libmisc/utmp.c patch also.
I changed src/login.c.
In libmisc/utmp.c, I only sanitized ut_line.
Is it necessary to reset ut_id?
There isn't a single/standard way to define ut_id. If the caller of login
did not use the same algorithm (ut_line+3), then a new entry will be added
in utmp.
What would be the consequences of a wrong/forged ut_id?
If all fields are reset, then, yes we could remove the getutent() loop.
> Hmm... am now thinking that hostname (PAM_RHOST) may also be dodgy.
utent.ut_host is only used to set:
* fromhost (only used for SYSLOG)
* failent
A forged ut_host does not seem critical.
> I do not think I can re-open (would not know how, and I think am banned
> from doing control things since the kerfuffle in #299007).
I would be really surprised that you would be banned from the BTS (I only
heard about one case in the past).
Instructions are there:
http://www.debian.org/Bugs/server-control
Best Regards,
--
Nekral