On Sun, Apr 19, 2009 at 10:53:50PM +1000, [email protected] wrote: > > Now testing, seems that just before the endspent() etc calls, login has > a file descriptor open on /etc/passwd but does not have one for > /etc/shadow. Seems there is no security issue. (Is this weird behaviour > in libc?)
There are no call to setspent or getspent in shadow, so I'm not really surprised. > Since I do not know how getspent() or endspent() work, I now wonder > whether chunks of /etc/shadow (other than the line for right user) could > be found in process memory, before or after endspent(). Have so far > failed to read /proc/self/mem in my test program, and wonder if that > feature works in my kernel... Only getspnam would have to be checked. The problem probably depends on the libc. Best Regards, -- Nekral -- To UNSUBSCRIBE, email to [email protected] with a subject of "unsubscribe". Trouble? Contact [email protected]
