[Pkg-shadow-devel] Bug#1103832: Bug#1103832: Bug#1103832: shadow: CVE-2024-56433
Chris Hofstaedtler
zeha at debian.org
Tue Apr 22 20:46:14 BST 2025
* Serge E. Hallyn <serge at hallyn.com> [250422 15:48]:
>On Mon, Apr 21, 2025 at 08:08:50PM +0200, Salvatore Bonaccorso wrote:
>> Though this will not really be fixable in code, it depends on how
>> uids were assigned within a group of systems from system
>> administrators. Let's link downstream bug report and upstream and maybe
>> they come up with a documentation update reflecting the issue?
>>
>> For further information see:
>>
>> [0] https://security-tracker.debian.org/tracker/CVE-2024-56433
>> https://www.cve.org/CVERecord?id=CVE-2024-56433
>> [1] https://github.com/shadow-maint/shadow/issues/1157
>
>There is no id range that couldn't possibly conflict with some
>site's network ids. The only default safe for that concern is
>to not automatically enable any subids.
Indeed. The question really is: what are we gonna do?
Should there be some form of documentation update, like a README?
What else would be "sufficient" to close this topic?
Chris
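
As an added example (not part of this thread or of shadow itself), one way a site can check the concern raised above is to compare its configured subordinate ID ranges against the UID ranges its directory service hands out. The sample entries, the network ranges and the function names below are constructed for illustration.

```python
"""Flag subordinate-ID ranges that overlap IDs a site already assigns."""

# Constructed sample in /etc/subuid format: name:first_id:count
SAMPLE_SUBUID = """\
alice:100000:65536
bob:165536:65536

carol:524288:65536
"""

# Constructed, hypothetical inclusive UID ranges used by a site's network directory
SITE_NETWORK_RANGES = [(200000, 299999), (1000000, 1999999)]


def parse_subid(text):
    """Parse subuid/subgid text into (owner, first, last) tuples, last inclusive."""
    entries = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line:
            continue
        parts = line.split(":")
        if len(parts) != 3:
            raise ValueError(f"line {lineno}: expected name:start:count")
        owner, first, count = parts[0], int(parts[1]), int(parts[2])
        if first < 0 or count <= 0:
            raise ValueError(f"line {lineno}: invalid range")
        entries.append((owner, first, first + count - 1))
    return entries


def find_conflicts(entries, network_ranges):
    """Return (owner, lo, hi) for every overlap between a subid range and a site range."""
    conflicts = []
    for owner, first, last in entries:
        for net_first, net_last in network_ranges:
            lo, hi = max(first, net_first), min(last, net_last)
            if lo <= hi:  # the two inclusive ranges intersect
                conflicts.append((owner, lo, hi))
    return conflicts


if __name__ == "__main__":
    for owner, lo, hi in find_conflicts(parse_subid(SAMPLE_SUBUID), SITE_NETWORK_RANGES):
        print(f"{owner}: subordinate ids {lo}-{hi} collide with site-assigned ids")
```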