[2018] in linux-security and linux-alert archive

home help back first fref pref prev next nref lref last post

[linux-security] Re: shadow-971001

daemon@ATHENA.MIT.EDU (Rogier Wolff)
Wed Jul 29 02:24:51 1998

In-Reply-To: <3.0.5.16.19980711210817.2a67e740@mailserv.mta.ca> from M Taylor at "Jul 11, 98 09:08:17 pm"
To: mctaylor@mta.ca (M Taylor)
Date: Wed, 29 Jul 1998 08:13:11 +0200 (MEST)
Cc: hightide@ginch.org, linux-security@redhat.com
From: R.E.Wolff@BitWizard.nl (Rogier Wolff)
Resent-From: linux-security@redhat.com
Resent-Reply-To: linux-security@redhat.com

M Taylor wrote:
> At 06:02 PM 7/10/98 -0500, you wrote:
> >I think I may have found a security weakness w/ login in shadow-971001.  I
> >can't imagine this being a large problem if no one has run into it yet,
> >but I know that's not the way to run security.
> >...
> >I appologize for being out of coding long enough to put together a patch
> >and contact the _right_ people before hand (I'm getting back though),
> >however if this does in fact need to be patched, it should be as simple as
> >what's done in su.c from the same package:
> >...
> 
> Did you inform the shadow package maintainer? 

[...]

> Maintained-by:  marekm@piast.t19.ds.pwr.wroc.pl (Marek Michalkiewicz)
> (according to http://sunsite.unc.edu/pub/Linux/system/admin/shadow.lsm)

Marek informs me:

> Fixed in shadow-980724, available from

> ftp://piast.t19.ds.pwr.wroc.pl/pub/linux/shadow/shadow-980724.tar.gz
> ftp://ftp.ists.pwr.wroc.pl/pub/linux/shadow/shadow-980724.tar.gz

				Roger. 

-- 
Actor asks a collegue: "To what do you owe your success in acting?"
Answer: "Honesty. Once you've learned how to fake that, you've got it made."
-------- Custom Linux device drivers for sale! Call for a quote. ----------
Email: R.E.Wolff@BitWizard.nl || Tel: +31-15-2137555 || FAX: +31-15-2138217

-- 
----------------------------------------------------------------------
Please refer to the information about this list as well as general
information about Linux security at http://www.aoy.com/Linux/Security.
----------------------------------------------------------------------

To unsubscribe:
  mail -s unsubscribe linux-security-request@redhat.com < /dev/null


home help back first fref pref prev next nref lref last post