Hi!

On Sat, Mar 04, 2006 at 07:08:20PM +0100, Nicolas François wrote:
> Anyway, I will add the x, because it fails with ash otherwise.

Yes, I had big concerns about not having "x" in front of expanded password. However, because I didn't succeed trying to exploit this using bash's test or GNU test (/usr/bin/test), I didn't report my concerns.

// bash's test and GNU test are too cunning to
// allow exploit of [ "$smth" ] && [ "$smth" != '*' ]
// (more complex expressions may or may not be
// exploited, though...)

P.S.
> Your patch also makes root_password to return 0 when the /etc/passwd
> passwd is set to ! (and it does not check if the /etc/shadow passwd is set
> to !). What is it used for?

Yes, looks unnatural. Can '!' at all appear in /etc/passwd? Maybe yes, when there's no /etc/shadow at all...

P.P.S. Should we reopen the bug and fix with more bulletproof patch? -- I didn't want to suggest "x" without providing POF...

xrgtn
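The "x" prefix discussed in this message, shown as an added example that is not part of the original mail or of the patch under discussion. The function names `password_is_set`, `password_is_set_case` and `check_all` and the sample field values are hypothetical; the point is that the comparison gives the same answer whatever the field contains, including values that look like `test` operators.

```shell
#!/bin/sh
# Added illustration: hypothetical helpers, not the root_password function
# from the thread.

# Return 0 when the password field is non-empty and not a lock marker.
# The "x" prefix guarantees test never sees an operand that looks like
# one of its own operators ("!", "(", "-n", "=", ...), so the result does
# not depend on how a given shell's test parses ambiguous arguments.
password_is_set() {
    [ "x$1" != "x" ] && [ "x$1" != 'x*' ] && [ "x$1" != 'x!' ]
}

# Same decision with case, which does no operator parsing at all.
# The patterns are quoted so that '*' is matched literally, not as a glob.
password_is_set_case() {
    case "$1" in
        ''|'*'|'!') return 1 ;;
        *)          return 0 ;;
    esac
}

# Run both forms over constructed field values and check that they agree.
# Returns 0 when every value gets the same verdict from both helpers.
check_all() {
    rc=0
    for pw in '' '*' '!' '(' ')' '-n' '-z' '=' '!=' '-a' '-o' \
              '$1$constructed$hash'; do
        password_is_set "$pw" && a=set || a=unset
        password_is_set_case "$pw" && b=set || b=unset
        printf '%-24s x-prefix=%-6s case=%s\n' "[$pw]" "$a" "$b"
        [ "$a" = "$b" ] || rc=1
    done
    return "$rc"
}

check_all
```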

