[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Bug#1400: Cron should respect /etc/group

Shit shit shit shit shit.

This is a major security hole - see my message to debian-changes.

For the technically minded, here is what do_command.c used to say:
 # if defined(BSD)
                 initgroups(env_get("LOGNAME", e->envp), e->gid);
 # endif

I'm closing this bug report.  Could someone with access to a few other
Linux systems please check them to see if they are vulnerable ?  If so
we should make a posting to linux-alert.


Reply to: