Re: Yikes, sorry. (Was Re: make-kpkg)
Lorens Kockum said something to the effect of:
"Why get asked at all whether to run shadow passwds?"
There are multiple buffer overrun bugs in the shadow
passwd suite as used by Debian. The bugs seem to take
different forms in hamm than they do in bo; I'm not sure
why. I reported this as a critical bug in login (to the
effect that if lines in /etc/group are too long, NO ONE
LOGS IN), but the only reply I have received to date is
the automatic reply from the Debian bugs robot.
It is my opinion that the shadow passwd suite needs to be
thoroughly and completely shaken down.
It's my understanding:
-that any bug that would prevent anyone from logging in is
critical; if I'm wrong on this, let me know, and I'll
reset the bug severity to something less than this.
Note, however, that such a bug has security implications
as well, especially in the presence of buffer overrun
problems. The silence after posting the bug makes me
suspect this is maybe the case, or that the shadow
passwd suite is orphaned. Could someone please let me
know either way?
-that if a bug which is critical is not resolved, new
versions of Debian will not be released.
-Jim