Hello,

Well, I know I am a devil's advocate. What if a user tries to log in on any old terminal like a Wyse or other VT over serial? Turning the terminal off and on should kill all processes and respawn a new getty, but is it always supposed to work?

Regarding this bug: I think this is a rather general problem with security policy. It should be mentioned in the login manual in a short way (vulnerable to phishing attack, see details at XXX), with the problem elaborated in another place. Maybe somewhere in /usr/share/doc/shadow, maybe in any documentation about security, the Securing Debian Manual for example. I think that would be a better way to do it, because other programs mentioned in this buglog are also vulnerable to this kind of attack.

Regards
Artur

--
Documentation is like sex: When it is good, it is very, very, good. And when it is bad, it is better than nothing.
/Dick Brandon/