On Sat, Sep 22, 2001 at 15:11:17 +0400, Andrey A. Chernov wrote:
> If you mean his report in BUGTRAQ
> it is hoax, we don't have such vulnerability in -current as I test. 
> Please TEST things before commiting, especially to all branches. 
> Please back it out.

Why it is hoax? One reason is simple, look at his examples:

default: :copyright=/etc/master.passwd:



in user's ~/.login_conf.

Only "me" class can be defined in ~/.login_conf, anything else ignored 
there. And "me" class picked up only when permissions are set to user 
mode, at the end of setusercontext(). And "copyright" and "welcome" are 
not overwriteable from "me" class in any case.

Andrey A. Chernov

To Unsubscribe: send mail to [EMAIL PROTECTED]
with "unsubscribe freebsd-current" in the body of the message

Reply via email to