[Pkg-shadow-devel] Bug#699593: [Secure-testing-team] Bug#699593: login: wrong egid
Michael Gilbert
mgilbert at debian.org
Sat Feb 2 21:50:11 UTC 2013
control: reassign -1 eglibc
control: forcemerge 698102 -1
control: tag -1 -security
On Sat, Feb 2, 2013 at 3:53 AM, Michael Tsang wrote:
> Debian GNU/kFreeBSD logs me with a wrong egid. I did the following steps:
>
> 1. Install a new copy of Debian GNU/kFreeBSD
> 2. Configure the system to use LDAP authentication
> 3. Add an LDAP user to a local group (e.g. sudo)
> 4. Log into that user
>
> Then, I found that bash does not read the configuration files since gid and
> egid are different. This is wrong. The egid should be the same as the primary
> gid when logging in. Refer to #698102 for more details.
The inability to read a configuration file is not a security problem.
However, the ability to read/create files as the other uid would be.
If you can demonstrate that ability via this bug, please by all means
re-add the security tag and increase the severity. Otherwise, the bug
should be closed as simply an implementation artifact differing
between Linux and FreeBSD.
Best wishes,
Mike
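
An added example, not part of the original message or of any Debian package: a small C check, to be run from the freshly logged-in session, that reports the real and effective GID and whether the effective GID is also in the supplementary group list, which is evidence relevant to the triage question above. The names `classify_gids`, `gid_state` and `gid_state_text` are hypothetical.

```c
/* Added example: classify the group credentials of the current process. */
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

enum gid_state {
    GID_CONSISTENT,      /* rgid == egid: what a login session normally has */
    GID_MISMATCH_HELD,   /* egid differs, but is also a supplementary group */
    GID_MISMATCH_EXTRA   /* egid differs and is held only as the egid */
};

/* Hypothetical helper: pure function so it can be tested on constructed values. */
enum gid_state classify_gids(gid_t rgid, gid_t egid, const gid_t *supp, int n)
{
    if (rgid == egid)
        return GID_CONSISTENT;
    for (int i = 0; i < n; i++)
        if (supp[i] == egid)
            return GID_MISMATCH_HELD;
    return GID_MISMATCH_EXTRA;
}

const char *gid_state_text(enum gid_state s)
{
    switch (s) {
    case GID_CONSISTENT:    return "gid and egid match";
    case GID_MISMATCH_HELD: return "egid differs from gid; egid is also a supplementary group";
    default:                return "egid differs from gid; egid is not a supplementary group";
    }
}

int main(void)
{
    /* POSIX leaves it unspecified whether getgroups() also returns the
       effective GID; where it does, GID_MISMATCH_EXTRA is never reported. */
    gid_t supp[1024];
    int n = getgroups(1024, supp);
    if (n < 0) {
        perror("getgroups");
        return 2;
    }
    gid_t rgid = getgid(), egid = getegid();
    enum gid_state s = classify_gids(rgid, egid, supp, n);
    printf("gid=%ld egid=%ld supplementary=%d: %s\n",
           (long)rgid, (long)egid, n, gid_state_text(s));
    return s == GID_CONSISTENT ? 0 : 1;
}
```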