Date: Fri, 21 Sep 2001 17:35:03 +0400 From: "Andrey A. Chernov" <ache@nagual.pp.ru> To: Marc Rogers <marcr@shady.org> Cc: Peter Pentchev <roam@ringlet.net>, Rob Andrews <rob@cyberpunkz.org>, FreeBSD-Security@FreeBSD.ORG Subject: Re: login_conf vulnerability. Message-ID: <20010921173502.A62350@nagual.pp.ru> In-Reply-To: <20010921141937.N99287@shady.org> References: <20010921124410.D99287@shady.org> <20010921154834.B619@ringworld.oblivion.bg> <20010921075540.B71120@switchblade.cyberpunkz.org> <20010921160243.C619@ringworld.oblivion.bg> <20010921141937.N99287@shady.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On Fri, Sep 21, 2001 at 14:19:37 +0100, Marc Rogers wrote: > > :copyright=/etc/master.passwd: It is SSH+LOGIN_CAP integration bug. SSH should call setusercontext() before accessing "copyright" and "welcome" properties, as /usr/bin/login does. -- Andrey A. Chernov http://ache.pp.ru/ To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20010921173502.A62350>