Package: ngetty
Version: 0.3-2
I found a bug in ngetty. Line 200 of ngetty.c is:
if ('0'<=*s && *s<='9') {
One can start then '/sbin/ngetty 0 3 4' and the daemon will
expand '0' to /dev/tty0 or /dev/vc/0. Don't start ngetty
with bad args, or better use full path like
ngetty /dev/tty1 /dev/tty2 /dev/vc/3 /dev/...
If you find this bug is a security hole apply the patch
- if ('0'<=*s && *s<='9') {
+ if ('0'<*s && *s<'10') {
I don't make any changes. One good sysadmins should start
ngetty with right arguments! In the next version I'll write
some word obout this in manual page. That's enough!
Nikola
Is it possible to start:
/sbin/mingetty /dev/tty0
/sbin/fgetty 0
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
