From owner-freebsd-security Sat Sep 22 4:11:32 2001 Delivered-To: freebsd-security@freebsd.org Received: from nagual.pp.ru (pobrecita.freebsd.ru [194.87.13.42]) by hub.freebsd.org (Postfix) with ESMTP id 3D9B937B410; Sat, 22 Sep 2001 04:11:21 -0700 (PDT) Received: (from ache@localhost) by nagual.pp.ru (8.11.6/8.11.6) id f8MBBJ682876; Sat, 22 Sep 2001 15:11:19 +0400 (MSD) (envelope-from ache) Date: Sat, 22 Sep 2001 15:11:17 +0400 From: "Andrey A. Chernov" To: security@FreeBSD.ORG, rwatson@FreeBSD.ORG Cc: current@FreeBSD.ORG, developers@FreeBSD.ORG Subject: Re: ~/.login_conf disabling exact reasons wanted Message-ID: <20010922151116.A82718@nagual.pp.ru> References: <20010922143942.A82482@nagual.pp.ru> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20010922143942.A82482@nagual.pp.ru> User-Agent: Mutt/1.3.21i Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org On Sat, Sep 22, 2001 at 14:39:43 +0400, Andrey A. Chernov wrote: > As commit/immediate MFC message says: > > Disable per-user .login_conf support due to incorrect merging of local > and globaly settings. An alternative implementation will be developed. > > Reported by: Przemyslaw Frasunek > > Where I can see his report? Really I don't understand all that rush with > ~/.login_conf disabling which breaks locale f.e. If you mean his report in BUGTRAQ http://www.securityfocus.com/cgi-bin/archive.pl?id=1&mid=215381&start=2001-09-19&end=2001-09-25 it is hoax, we don't have such vulnerability in -current as I test. Please TEST things before commiting, especially to all branches. Please back it out. -- Andrey A. Chernov http://ache.pp.ru/ To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message