emo/shadow
1
0
Fork 0
Code Issues Pull Requests Packages Releases Activity

* NEWS, libmisc/chowntty.c, libmisc/utmp.c: is_my_tty() moved from

Browse Source 
utmp.c to chowntty.c. checkutmp() now only uses an existing utmp
	entry if the pid matches and ut_line matches with the current tty.
	This fixes a possible DOS when entries can be forged in the utmp
	file.
	* libmisc/chowntty.c, src/login.c, lib/prototypes.h: Remove the
	tty argument from chown_tty. chown_tty always changes stdin and
	does not need this argument anymore.
This commit is contained in:
nekral-guest
2008-11-22 23:56:11 +00:00
parent eb4097180b
commit a324a7f13f
5 changed files with 49 additions and 36 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
NEWS
View File

@@ -64,6 +64,8 @@ shadow-4.1.2.1 -> shadow-4.1.2.2 23-11-2008
*** security
- Fix a race condition in login that could lead to gaining ownership or
changing mode of arbitrary files.
- Fix a possible login DOS, which could be caused by injecting forged
entries in utmp.
shadow-4.1.2 -> shadow-4.1.2.1 26-06-2008