Hi,

On Sat, Nov 15, 2008 at 01:43:30AM +0100, Florian Weimer wrote:
> * Nicolas François:
>
> > Release Managers, Security Team:
> > Do you want 505071 to be fixed also for Lenny?
>
> Do you mean "etch" instead of "lenny"?

No, I really meant "Lenny" for 505071. For 505271, I assumed it requires a fix for Lenny, and probably for Etch.

In 505071, the problem is: if I insert utmp entries for every possible PID, with a ut_line pointing, for example, to /dev/null, then is_my_tty will fail, and login will be denied (until reboot). login selects the first utmp entry (checkutmp) which matches the PID, but validates the ut_line much later (is_my_tty). One possible fix would be to move is_my_tty into checkutmp to avoid being disturbed by un-closed entries, and select (or build) the right entry in the first place.

> We'd probably release a DSA once there's a patch which has some track
> record, but as far as I can tell, the issue has not been fully
> analyzed yet. You guard against a symlink attack, but you don't seem
> to ensure that the TTY name retrieved from the utmp file is correct in
> the first place.

Before the extract of the patch, is_my_tty is called. This ensures that tty (retrieved from utmp) and STDIN_FILENO refer to the same device. The is_my_tty check is kept; isn't it sufficient?

What the patch fixes is: if tty is a symlink, I really change the ownership/mode of the device, not of tty, which may have changed since the call to is_my_tty.

I split the two bugs because I did not consider the DOS issue serious enough, and the fix will have a bigger impact. But if the Security Team wants the fix for Lenny and Etch, then I can prepare a patch.

Best Regards,
-- 
Nekral
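The two points discussed in the message, a device/inode comparison in the spirit of is_my_tty (utmp tty versus STDIN_FILENO) and changing ownership through the verified descriptor rather than through a path that may have become a symlink, as an added C illustration. This is not the shadow/login code from the patch; the function names, the temp-file stand-in for a terminal and the /dev/null forged ut_line are constructed for the example.

```c
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* Same purpose as login's is_my_tty(): does the name taken from utmp (ut_line)
 * refer to the terminal we are actually attached to? Compare device and inode
 * numbers, never the strings, so a bogus ut_line such as /dev/null is rejected. */
int path_is_fd(const char *path, int fd)
{
    struct stat by_name, by_fd;
    if (stat(path, &by_name) != 0 || fstat(fd, &by_fd) != 0)
        return 0;
    return by_name.st_dev == by_fd.st_dev && by_name.st_ino == by_fd.st_ino;
}

/* Change owner and mode through the descriptor that passed the check above.
 * chown() on the path would act on whatever the name points at now (the symlink
 * window the message describes); an open fd cannot be redirected afterwards. */
int secure_tty_fd(int fd, uid_t uid, gid_t gid, mode_t mode)
{
    if (fchown(fd, uid, gid) != 0 || fchmod(fd, mode) != 0)
        return -1;
    return 0;
}

/* Self-check on constructed input: a temp file stands in for the terminal and
 * /dev/null for a forged ut_line. Returns 1 when every step behaves as expected. */
int demo_checks(void)
{
    char name[] = "/tmp/ttycheckXXXXXX";   /* constructed, not a real tty */
    int fd = mkstemp(name);
    if (fd < 0)
        return 0;
    int ok = path_is_fd(name, fd) == 1          /* genuine entry accepted */
          && path_is_fd("/dev/null", fd) == 0   /* forged ut_line rejected */
          && secure_tty_fd(fd, getuid(), getgid(), 0600) == 0;
    struct stat st;
    if (ok && fstat(fd, &st) == 0)
        ok = (st.st_mode & 07777) == 0600;     /* mode applied to the checked object */
    else
        ok = 0;
    close(fd);
    unlink(name);
    return ok;
}

int main(void) { return demo_checks() ? 0 : 1; }
```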

