[Pkg-shadow-devel] Bug#628843: Bug#628843: (forw) Bug#628843: login: tty hijacking possible in "su" via TIOCSTI ioctl

Christian PERRIER bubulle at debian.org
Fri Jun 10 05:33:40 UTC 2011

Quoting Thijs Kinkhorst (thijs at debian.org):

> Hi Christian,
> I'm just mailing to confirm that we did record the issue in our tracker and to 
> point out that this issue is currently also discueed on oss-security:
> http://thread.gmane.org/gmane.comp.security.oss.general/5172

Thanks, Thijs, for your answer.

I'm more reliefed now that Nicolas popped up and even proposed a
preliminary patch. I don't have the expertise to give any advice about
his patch but I think that we have there a good start for  an
up-to-come fix.

During last week, Nicolas was active "cleaning out" things for shadow
so I think we can have some good hope to have a fixed issue at some
moment in the near future...

But, as Nicolas mentioned, an expert review of his proposal would be
very much welcomed.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 836 bytes
Desc: Digital signature
URL: <http://lists.alioth.debian.org/pipermail/pkg-shadow-devel/attachments/20110610/b2a69d2f/attachment.pgp>

More information about the Pkg-shadow-devel mailing list