Thanks for the DSA-1709 fix. Belatedly, I realize that this still leaves a DoS attack: fill up utmp with entries for all possible PIDs, then login will fail. Maybe that is "properly" Bug#505071 (as distinct from this one)? Please see there about ideas on how to perform this DoS without access to group utmp.
Cheers, Paul Szabo [email protected] http://www.maths.usyd.edu.au/u/psz/ School of Mathematics and Statistics University of Sydney Australia -- To UNSUBSCRIBE, email to [email protected] with a subject of "unsubscribe". Trouble? Contact [email protected]
