[Pkg-shadow-devel] Bug#628843: (forw) Bug#628843: login: tty hijacking possible in "su" via TIOCSTI ioctl
Thijs Kinkhorst
thijs at debian.org
Thu Jun 9 19:53:43 UTC 2011
Op donderdag 02 juni 2011 07:34:59 schreef Christian PERRIER:
> Security team, I need advice and help here. My co-maintainer for
> shadow, Nicolas, is more or less MIA, so I'm left nearly alone to
> maintain shadow. As Nicolas was also upstream, you understand how
> desperate is my situation..:-)
>
> (maybe this bug will ring a bell for Nicolas, still)
>
> My expertise is, as you may expect, way outreached. So, in short, what
> I need is someone with enough expertise to look at this bug report and
> help deciding if adopting Redhat's patch is correct (assuming it
> applies: I'm not sure that RH is using the same "su" than we do).
>
> Mail CC'ed to submitter, too, so that Daniel also knows that the only
> person who answers....needs help..:-)
Hi Christian,
I'm just mailing to confirm that we did record the issue in our tracker and to
point out that this issue is currently also discueed on oss-security:
http://thread.gmane.org/gmane.comp.security.oss.general/5172
Thijs
More information about the Pkg-shadow-devel
mailing list