[Pkg-shadow-devel] Bug#505071: Bug#505071: closed ... fixed in shadow 1:4.1.3-1
Nicolas François
nicolas.francois at centraliens.net
Sun Apr 19 15:47:35 UTC 2009
On Sun, Apr 19, 2009 at 10:53:50PM +1000, psz at maths.usyd.edu.au wrote:
>
> Now testing, seems that just before the endspent() etc calls, login has
> a file descriptor open on /etc/passwd but does not have one for
> /etc/shadow. Seems there is no security issue. (Is this weird behaviour
> in libc?)
There are no call to setspent or getspent in shadow, so I'm not really
surprised.
> Since I do not know how getspent() or endspent() work, I now wonder
> whether chunks of /etc/shadow (other than the line for right user) could
> be found in process memory, before or after endspent(). Have so far
> failed to read /proc/self/mem in my test program, and wonder if that
> feature works in my kernel...
Only getspnam would have to be checked.
The problem probably depends on the libc.
Best Regards,
--
Nekral
More information about the Pkg-shadow-devel
mailing list