Ian Jackson <[EMAIL PROTECTED]> writes: >Certainly before this hole is fixed a system with a shadow `login' >is/was definitely much more vulnerable than one without shadow >passwords at all.
Actually, this has yet to be proven. No exploit script has been posted to show that login is vulnerable. The shadow login program does an isgraph() on all the characters entered, so, assuming there's no bugs in linux's isgraph, it would be a fair trick to create executable code from just the set of printable ascii characters. That would mean that the worst you could expect is for login to dump core. If people issued a security alert for every piece of code running on linuux that didn't do bounds checking on input the security list would be unusable. -- John Henders
