[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Fwd: RAZOR advisory: Linux util-linux chfn local root vulnerability


Wichert Akkerman wrote:
> Previously ben wrote:
> > when you say 'doesn't use,' do you perhaps mean 'never invokes'? because:
> >
> > # find / -name chfn
> > /usr/bin/chfn
> > /etc/pam.d/chfn
> Different implementation (from shadowutils iirc).

a little bit offtopic:
Redhat uses chfn and chsh from linux-utils, SuSE from shadow-utils...

Well, i always suggest to remove the s-flag, if users shouldn't change
something in /etc/passwd.
So i don't have to touch all Redhat-Boxes, on which i have done this ;)

Viele Gruesse
Ralf Dreibrodt

Mesos         Telefon 49 221 9639263
Wallstr. 123      Fax 49 221 9646649
51063 Koeln         Mail rd@mesos.de

To UNSUBSCRIBE, email to debian-security-request@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org

Reply to: