Thanks for the DSA-1709 fix. Belatedly, I realize that this still leaves a DoS attack: fill up utmp with entries for all possible PIDs, then login will fail. Maybe that is "properly" Bug#505071 (as distinct from this one)? Please see there about ideas on how to perform this DoS without access to group utmp.
Cheers, Paul Szabo p...@maths.usyd.edu.au http://www.maths.usyd.edu.au/u/psz/ School of Mathematics and Statistics University of Sydney Australia -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
