Hello, I think there are two different bugs:
* one is that login relies on the utmp entry with the current PID In my opinion, this cannot be exploited because is_my_tty will detect it. * The other one is that between is_my_tty and chown, there is a race condition. Changing chown (tty, ...) to fchown (0, ...) might work and might be sufficient. The first bug is not critical. The second one should be fixed for Lenny, but tested first. Best Regards, -- Nekral -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
