Re: libnss-ldap/libpam-ldap security issue
Steve Langasek wrote:
Crash yes, I suspect not a parser bug though. Suspect it might be
related to using the wrong certificates used in $HOME/.ldaprc for the
I think your memory is probably better than mine here, I didn't remember
half of the details until I read them again in your message. :)
So do we have some sort of reproducible parser crash in libldap here, then?
Is there a bug report open about this (with Debian or upstream)?
As it involves a number of packages and in stable too, I wasn't sure
where to file a bug report, or even if it is appropriate to file a bug report.
My main concern wasn't the crash though, it was the fact that I could
override the certificates used for checking the remote LDAP server used
for checking sudo passwords in the untrusted user's home directory.
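
An added example, not part of the original thread: a small audit that lists per-user `ldaprc` files containing directives that change how libldap validates the server certificate, which is the override described in the message above. The option names come from ldap.conf(5); the choice of which options to flag, the function names, the `/home` layout and the sample file are assumptions made for this illustration.

```python
import os

# ldap.conf(5) options that alter server certificate validation.
# Which options to flag is a choice made for this example.
TRUST_OPTIONS = {"TLS_CACERT", "TLS_CACERTDIR", "TLS_REQCERT"}

# File names libldap looks for in a user's home directory.
USER_RC_NAMES = (".ldaprc", "ldaprc")


def trust_overrides(text):
    """Return [(line_number, OPTION, value)] for trust-affecting directives."""
    found = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank lines and comments carry no settings
        parts = line.split(None, 1)
        option = parts[0].upper()  # option names are matched case-insensitively
        if option in TRUST_OPTIONS:
            value = parts[1].strip() if len(parts) > 1 else ""
            found.append((lineno, option, value))
    return found


def audit_homes(home_root="/home"):
    """Scan <home_root>/<user>/{.ldaprc,ldaprc}; return {path: findings}."""
    report = {}
    if not os.path.isdir(home_root):
        return report
    for user in sorted(os.listdir(home_root)):
        for name in USER_RC_NAMES:
            path = os.path.join(home_root, user, name)
            try:
                with open(path, encoding="utf-8", errors="replace") as fh:
                    hits = trust_overrides(fh.read())
            except OSError:
                continue  # file absent or unreadable
            if hits:
                report[path] = hits
    return report


if __name__ == "__main__":
    for path, hits in audit_homes().items():
        for lineno, option, value in hits:
            print(f"{path}:{lineno}: {option} {value}")
```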