[Pkg-shadow-devel] Bug#1095430: off-by-one error when setting the account expiry
Chris Hofstaedtler
zeha at debian.org
Fri Feb 7 22:43:24 GMT 2025
Control: severity -1 normal
On Fri, Feb 07, 2025 at 08:42:11PM +0100, Lee Garrett wrote:
> on a trixie or newer machine, the following happens:
>
> root at trixie:~# usermod -e 1970-01-02 ansibulluser
> root at trixie:~# getent shadow ansibulluser
> ansibulluser:!:20126:0:99999:7::0:
> ^ this should be "1"
> Set to severity grave because it's a regression and account expiry is a
> potentially security sensitive subject.
The account may now expire one day earlier, that's not a security
problem per se.
Chris
More information about the Pkg-shadow-devel
mailing list