Hi,
Debian doesn't use chfn friends from util-linux.
wouldn't it make sense (in a case like this) to release a DSA,
just stating we are not affected by this, since this fact is
not obvious?
Cheers, Thomas
I suppose this vulnerability affects also debian. I've already changed the
setuid bit in chfn and chsh though it is supposed to be difficult to exploit.
-- Missatge transmès --
Subject: RAZOR advisory: Linux util-linux chfn local root vulnerability
Date: Mon, 29 Jul 2002
On Monday 29 July 2002 12:39 pm, Wichert Akkerman wrote:
Previously Albert Cervera Areny wrote:
I suppose this vulnerability affects also debian. I've already changed
the setuid bit in chfn and chsh though it is supposed to be difficult to
exploit.
Debian doesn't use chfn friends from
Previously ben wrote:
when you say 'doesn't use,' do you perhaps mean 'never invokes'? because:
# find / -name chfn
/usr/bin/chfn
/etc/pam.d/chfn
Different implementation (from shadowutils iirc).
Wichert.
--
_
/[EMAIL
On Mon, Jul 29, 2002 at 01:08:00PM -0700, ben wrote:
when you say 'doesn't use,' do you perhaps mean 'never invokes'? because:
# find / -name chfn
/usr/bin/chfn
/etc/pam.d/chfn
and i'm damn sure i didn't put it there all by myself.
I think this is the meaning of wichert's message:
On Monday 29 July 2002 01:04 pm, Wichert Akkerman wrote:
Previously ben wrote:
when you say 'doesn't use,' do you perhaps mean 'never invokes'? because:
# find / -name chfn
/usr/bin/chfn
/etc/pam.d/chfn
Different implementation (from shadowutils iirc).
Wichert.
aah! thanks,
6 matches
Mail list logo
