On Friday 23 January 2009 04:06, Paul Szabo wrote:
> Belatedly, I realize that this still leaves a DoS attack: fill up utmp
> with entries for all possible PIDs, then login will fail. Maybe that is
> "properly" Bug#505071 (as distinct from this one)? Please see there
> about ideas on how to perform this DoS without access to group utmp.

Although from the description I think it's definitely something that's good to fix, I do not think it's that serious to be a DSA. Still, thanks for your help in analysing these issues - I hope Nicolas will pick up on this for a future release of shadow.

cheers,
Thijs