[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Fwd: RAZOR advisory: Linux util-linux chfn local root vulnerability

On Monday 29 July 2002 12:39 pm, Wichert Akkerman wrote:
> Previously Albert Cervera Areny wrote:
> > I suppose this vulnerability affects also debian. I've already changed
> > the setuid bit in chfn and chsh though it is supposed to be difficult to
> > exploit.
>
> Debian doesn't use chfn & friends from util-linux.
>

when you say 'doesn't use,' do you perhaps mean 'never invokes'? because:

# find / -name chfn
/usr/bin/chfn
/etc/pam.d/chfn

and i'm damn sure i didn't put it there all by myself.

ben


-- 
To UNSUBSCRIBE, email to debian-security-request@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Reply to: