Re: [linux-alert] Serious Security hole in getpwnam ()

To: Bruce Perens <bruce@pixar.com>
Cc: "Debian Developer's List" <debian-devel@lists.debian.org>
Subject: Re: [linux-alert] Serious Security hole in getpwnam ()
From: Guy Maor <maor@ece.utexas.edu>
Date: Wed, 29 May 1996 14:06:48 -0500 (CDT)
Message-id: <[🔎] Pine.SOL.3.93.960529135557.20801B-100000@brando.ece.utexas.edu>
In-reply-to: <[🔎] m0uOp3H-0005z7C@mongo.pixar.com>

On Wed, 29 May 1996, Bruce Perens wrote:

> I submit that the attached fix is insufficient and that
> passwd entries that do not contain UID and GID numbers should not be
> returned by the various password library functions.

I patched passwd to preserve the '+::::::' line.  It currently writes
it back out as '+::0:0:::'.  Mike vS. said that wouldn't be a problem,
but it might affect this?

I haven't released this passwd yet, btw.

Regarding Incoming, I'm running the dinstall script now.  About 1/3 of
the uploads are being rejected, mostly for silly reasons.  I'm just
installing those by hand.  I'll write a 'How to Upload' document and
post it here and in doc/package-developer this evening.  After that, I
won't install any files whose .changes file doesn't pass muster.

Guy

Reply to:

References:
- Re: [linux-alert] Serious Security hole in getpwnam ()
  - From: bruce@pixar.com (Bruce Perens)

Prev by Date: Re: [linux-alert] Serious Security hole in getpwnam ()
Next by Date: Bug#3146: 1.1 installation: ae doesn't work
Previous by thread: Re: [linux-alert] Serious Security hole in getpwnam ()
Next by thread: Re: [linux-alert] Serious Security hole in getpwnam ()
Index(es):
- Date
- Thread