From owner-freebsd-security  Fri Sep 21  6:35:48 2001
Delivered-To: freebsd-security@freebsd.org
Received: from nagual.pp.ru (pobrecita.freebsd.ru [194.87.13.42])
	by hub.freebsd.org (Postfix) with ESMTP id 0247637B407
	for <FreeBSD-Security@FreeBSD.ORG>; Fri, 21 Sep 2001 06:35:44 -0700 (PDT)
Received: (from ache@localhost)
	by nagual.pp.ru (8.11.6/8.11.6) id f8LDZ5C62465;
	Fri, 21 Sep 2001 17:35:05 +0400 (MSD)
	(envelope-from ache)
Date: Fri, 21 Sep 2001 17:35:03 +0400
From: "Andrey A. Chernov" <ache@nagual.pp.ru>
To: Marc Rogers <marcr@shady.org>
Cc: Peter Pentchev <roam@ringlet.net>,
	Rob Andrews <rob@cyberpunkz.org>, FreeBSD-Security@FreeBSD.ORG
Subject: Re: login_conf vulnerability.
Message-ID: <20010921173502.A62350@nagual.pp.ru>
References: <20010921124410.D99287@shady.org> <20010921154834.B619@ringworld.oblivion.bg> <20010921075540.B71120@switchblade.cyberpunkz.org> <20010921160243.C619@ringworld.oblivion.bg> <20010921141937.N99287@shady.org>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <20010921141937.N99287@shady.org>
User-Agent: Mutt/1.3.21i
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-security.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-security>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-security>
X-Loop: FreeBSD.org

On Fri, Sep 21, 2001 at 14:19:37 +0100, Marc Rogers wrote:

> >  :copyright=/etc/master.passwd:

It is SSH+LOGIN_CAP integration bug. SSH should call setusercontext() 
before accessing "copyright" and "welcome" properties, as /usr/bin/login 
does.

-- 
Andrey A. Chernov
http://ache.pp.ru/

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message