[Pkg-shadow-devel] Bug#505071: Bug#505071: closed ... fixed in shadow 1:4.1.3-1

Paul Szabo psz at maths.usyd.edu.au
Sun Apr 19 12:53:50 UTC 2009


Dear Nicolas,

I wrote:

>> ... Do these [entspent] moves warrant a DSA?
> Maybe not. Testing, it seems that getspnam() does not leave an open file
> descriptor, but setspent() would. (I do not know what /bin/login does
> exactly.)

Now testing, seems that just before the endspent() etc. calls, login has
a file descriptor open on /etc/passwd but does not have one for
/etc/shadow. Seems there is no security issue. (Is this weird behaviour
in libc?)

Since I do not know how getspent() or endspent() work, I now wonder
whether chunks of /etc/shadow (other than the line for the right user) could
be found in process memory, before or after endspent(). Have so far
failed to read /proc/self/mem in my test program, and wonder if that
feature works in my kernel...

Cheers, Paul

Paul Szabo   psz at maths.usyd.edu.au   http://www.maths.usyd.edu.au/u/psz/
School of Mathematics and Statistics   University of Sydney    Australia
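
The descriptor check described in the message above, as an added example that is not part of the original mail or of the shadow package: it counts this process's open descriptors that refer to /etc/shadow around the setspent(), endspent() and getspnam() calls. The helper names count_fds_to and report and the "root" lookup are assumptions; it must run as root for libc to be able to open /etc/shadow at all.

```c
#include <dirent.h>
#include <shadow.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>

/* Number of open descriptors in this process that refer to `path`, matched
 * by device and inode so that symlinks and hard links are counted too.
 * Returns -1 if the path or /proc/self/fd cannot be examined. */
int count_fds_to(const char *path)
{
    struct stat want, got;
    if (stat(path, &want) != 0)
        return -1;
    DIR *d = opendir("/proc/self/fd");
    if (d == NULL)
        return -1;
    int n = 0;
    struct dirent *e;
    while ((e = readdir(d)) != NULL) {
        char *end;
        long fd = strtol(e->d_name, &end, 10);
        if (end == e->d_name || *end != '\0')
            continue;                       /* skips "." and ".." */
        if (fstat((int)fd, &got) == 0 &&
            got.st_dev == want.st_dev && got.st_ino == want.st_ino)
            n++;
    }
    closedir(d);
    return n;
}

/* Print the descriptor count at one step of the call sequence. */
static void report(const char *step)
{
    printf("%-20s fds on /etc/shadow: %d\n", step, count_fds_to("/etc/shadow"));
}

int main(void)
{
    report("start");
    setspent();                 /* the call the mail reports as leaving an fd open */
    report("after setspent()");
    endspent();
    report("after endspent()");
    (void)getspnam("root");     /* lookup by name; "root" is an assumed account */
    report("after getspnam()");
    return 0;
}
```

A non-zero count on any line other than "after setspent()" would mean a descriptor on /etc/shadow is still open at that point and would be inherited by child processes.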




