Re: Fwd: RAZOR advisory: Linux util-linux chfn local root vulnerability

Hi, > Debian doesn't use chfn & friends from util-linux. wouldn't it make sense (in a case like this) to release a DSA, just stating "we are not affected by this", since this fact is not obvious? Cheers, Thomas

Re: Fwd: RAZOR advisory: Linux util-linux chfn local root vulnerability

Hi, Wichert Akkerman wrote: > > Previously ben wrote: > > when you say 'doesn't use,' do you perhaps mean 'never invokes'? because: > > > > # find / -name chfn > > /usr/bin/chfn > > /etc/pam.d/chfn > > Different implementation (from shadowutils iirc). a little bit offtopic: Redhat uses chfn and

Re: Fwd: RAZOR advisory: Linux util-linux chfn local root vulnerability

On Monday 29 July 2002 01:04 pm, Wichert Akkerman wrote: > Previously ben wrote: > > when you say 'doesn't use,' do you perhaps mean 'never invokes'? because: > > > > # find / -name chfn > > /usr/bin/chfn > > /etc/pam.d/chfn > > Different implementation (from shadowutils iirc). > > Wichert. aah! t

Re: Fwd: RAZOR advisory: Linux util-linux chfn local root vulnerability

On Mon, Jul 29, 2002 at 01:08:00PM -0700, ben wrote: > when you say 'doesn't use,' do you perhaps mean 'never invokes'? because: > > # find / -name chfn > /usr/bin/chfn > /etc/pam.d/chfn > > and i'm damn sure i didn't put it there all by myself. I think this is the meaning of wichert's message:

Re: Fwd: RAZOR advisory: Linux util-linux chfn local root vulnerability

Previously ben wrote: > when you say 'doesn't use,' do you perhaps mean 'never invokes'? because: > > # find / -name chfn > /usr/bin/chfn > /etc/pam.d/chfn Different implementation (from shadowutils iirc). Wichert. -- _ /[EMAIL

Re: Fwd: RAZOR advisory: Linux util-linux chfn local root vulnerability

On Monday 29 July 2002 12:39 pm, Wichert Akkerman wrote: > Previously Albert Cervera Areny wrote: > > I suppose this vulnerability affects also debian. I've already changed > > the setuid bit in chfn and chsh though it is supposed to be difficult to > > exploit. > > Debian doesn't use chfn & friend

Re: Fwd: RAZOR advisory: Linux util-linux chfn local root vulnerability

Previously Albert Cervera Areny wrote: > I suppose this vulnerability affects also debian. I've already changed the > setuid bit in chfn and chsh though it is supposed to be difficult to exploit. Debian doesn't use chfn & friends from util-linux. Wichert. -- _

Fwd: RAZOR advisory: Linux util-linux chfn local root vulnerability

I suppose this vulnerability affects also debian. I've already changed the setuid bit in chfn and chsh though it is supposed to be difficult to exploit. -- Missatge transmès -- Subject: RAZOR advisory: Linux util-linux chfn local root vulnerability Date: Mon, 29 Jul 2002 10:51: