[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Fwd: RAZOR advisory: Linux util-linux chfn local root vulnerability

Hi,

Wichert Akkerman wrote:
> 
> Previously ben wrote:
> > when you say 'doesn't use,' do you perhaps mean 'never invokes'? because:
> >
> > # find / -name chfn
> > /usr/bin/chfn
> > /etc/pam.d/chfn
> 
> Different implementation (from shadowutils iirc).

a little bit offtopic:
Redhat uses chfn and chsh from linux-utils, SuSE from shadow-utils...

Well, i always suggest to remove the s-flag, if users shouldn't change
something in /etc/passwd.
So i don't have to touch all Redhat-Boxes, on which i have done this ;)

Viele Gruesse
Ralf Dreibrodt

-- 
Mesos         Telefon 49 221 9639263
Wallstr. 123      Fax 49 221 9646649
51063 Koeln         Mail rd@mesos.de


-- 
To UNSUBSCRIBE, email to debian-security-request@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Reply to: