Both login and newgrp leak a file descriptor to /etc/shadow, please see
the Debian bug report
http://bugs.debian.org/505071
for details.
Cheers,
Paul Szabo p...@maths.usyd.edu.au http://www.maths.usyd.edu.au/u/psz/
School of Mathematics and Statistics University of SydneyAustr
Even now, at shadow version 4.1.3, there are DoS issues with securetty,
and bypass/trick of pam_time, pam_group checks. Please see
http://bugs.debian.org/505071
for details.
Cheers,
Paul Szabo p...@maths.usyd.edu.au http://www.maths.usyd.edu.au/u/psz/
School of Mathematics and Statistics
Thanks for the note. Since there are lots of ways to do a local DoS,
we'll wait to see how this is handled upstream.
--
/bin/login gives root to group utmp
https://bugs.launchpad.net/bugs/306082
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ub
I belatedly realize that the Debian etch fix still allows for a DoS attack; I
am not sure if the Debian sid fix, or the Ubuntu one, are any better.
I do not yet know whether the DoS attack can succeed without group utmp access,
please see
http://bugs.debian.org/505071
http://bugs.debian.org/50
Published as: http://www.ubuntu.com/usn/usn-695-1
** Changed in: shadow (Ubuntu)
Status: New => Fix Released
** Visibility changed to: Public