[Pkg-shadow-devel] Bug#628843: Bug#628843: (forw) Bug#628843: login: tty hijacking possible in "su" via TIOCSTI ioctl

Christian PERRIER bubulle at debian.org
Fri Jun 10 05:33:40 UTC 2011


Quoting Thijs Kinkhorst (thijs at debian.org):

> Hi Christian,
> 
> I'm just mailing to confirm that we did record the issue in our tracker and to 
> point out that this issue is currently also discussed on oss-security:
> http://thread.gmane.org/gmane.comp.security.oss.general/5172

Thanks, Thijs, for your answer.

I'm more relieved now that Nicolas popped up and even proposed a
preliminary patch. I don't have the expertise to give any advice about
his patch but I think that we have there a good start for an
upcoming fix.

During the last week, Nicolas was active "cleaning out" things for shadow
so I think we can have some good hope to have a fixed issue at some
moment in the near future...

But, as Nicolas mentioned, an expert review of his proposal would be
very much welcomed.

