Re: Fwd: RAZOR advisory: Linux util-linux chfn local root vulnerability
Wichert Akkerman wrote:
> Previously ben wrote:
> > when you say 'doesn't use,' do you perhaps mean 'never invokes'? because:
> > # find / -name chfn
> > /usr/bin/chfn
> > /etc/pam.d/chfn
> Different implementation (from shadowutils iirc).
a little bit offtopic:
Redhat uses chfn and chsh from linux-utils, SuSE from shadow-utils...
Well, i always suggest to remove the s-flag, if users shouldn't change
something in /etc/passwd.
So i don't have to touch all Redhat-Boxes, on which i have done this ;)
Mesos Telefon 49 221 9639263
Wallstr. 123 Fax 49 221 9646649
51063 Koeln Mail firstname.lastname@example.org
To UNSUBSCRIBE, email to email@example.com
with a subject of "unsubscribe". Trouble? Contact firstname.lastname@example.org