[Pkg-shadow-devel] Bug#1124835: Bug#1124835: chpasswd hash check goes too far
Serge E. Hallyn
serge at hallyn.com
Wed Jan 14 22:22:21 GMT 2026
On Sat, Jan 10, 2026 at 11:05:09PM +0100, Marc Haber wrote:
> On Sat, Jan 10, 2026 at 03:18:17PM -0600, Serge E. Hallyn wrote:
> > So, just to be clear, you think all would be fine if we accept * followed
> > by anything, and ! not followed by anything?
>
> I would still prefer that a low level tool like chpasswd would still allow
> the sysadmin to shoot themselves in the foot, but I would live with
> consistency at least.
I too would prefer to live in a world where we could let the sysadmin shoot
themselves in the foot. The problem is that malicious actors tend to find
ways to run things as administrators, leading to exploit chains.
More information about the Pkg-shadow-devel
mailing list