Re: Fwd: RAZOR advisory: Linux util-linux chfn local root vulnerability
On Monday 29 July 2002 12:39 pm, Wichert Akkerman wrote:
> Previously Albert Cervera Areny wrote:
> > I suppose this vulnerability affects also debian. I've already changed
> > the setuid bit in chfn and chsh though it is supposed to be difficult to
> > exploit.
>
> Debian doesn't use chfn & friends from util-linux.
>
when you say 'doesn't use,' do you perhaps mean 'never invokes'? because:
# find / -name chfn
/usr/bin/chfn
/etc/pam.d/chfn
and i'm damn sure i didn't put it there all by myself.
ben
--
To UNSUBSCRIBE, email to debian-security-request@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Reply to: