Re: Fwd: RAZOR advisory: Linux util-linux chfn local root vulnerability
Hi,
Wichert Akkerman wrote:
>
> Previously ben wrote:
> > when you say 'doesn't use,' do you perhaps mean 'never invokes'? because:
> >
> > # find / -name chfn
> > /usr/bin/chfn
> > /etc/pam.d/chfn
>
> Different implementation (from shadowutils iirc).
a little bit offtopic:
Redhat uses chfn and chsh from linux-utils, SuSE from shadow-utils...
Well, i always suggest to remove the s-flag, if users shouldn't change
something in /etc/passwd.
So i don't have to touch all Redhat-Boxes, on which i have done this ;)
Viele Gruesse
Ralf Dreibrodt
--
Mesos Telefon 49 221 9639263
Wallstr. 123 Fax 49 221 9646649
51063 Koeln Mail rd@mesos.de
--
To UNSUBSCRIBE, email to debian-security-request@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Reply to: