Re: [linux-alert] Serious Security hole in getpwnam ()
On Wed, 29 May 1996, Bruce Perens wrote:
> I submit that the attached fix is insufficient and that
> passwd entries that do not contain UID and GID numbers should not be
> returned by the various password library functions.
I patched passwd to preserve the '+::::::' line. It currently writes
it back out as '+::0:0:::'. Mike vS. said that wouldn't be a problem,
but it might affect this?
I haven't released this passwd yet, btw.
Regarding Incoming, I'm running the dinstall script now. About 1/3 of
the uploads are being rejected, mostly for silly reasons. I'm just
installing those by hand. I'll write a 'How to Upload' document and
post it here and in doc/package-developer this evening. After that, I
won't install any files whose .changes file doesn't pass muster.
Guy
Reply to: