From owner-freebsd-security Sat Sep 22 15: 2:22 2001 Delivered-To: freebsd-security@freebsd.org Received: from obsecurity.dyndns.org (adsl-63-207-60-35.dsl.lsan03.pacbell.net [63.207.60.35]) by hub.freebsd.org (Postfix) with ESMTP id C0FA737B406; Sat, 22 Sep 2001 15:02:06 -0700 (PDT) Received: by obsecurity.dyndns.org (Postfix, from userid 1000) id 5AA4566DDA; Sat, 22 Sep 2001 15:02:06 -0700 (PDT) Date: Sat, 22 Sep 2001 15:02:06 -0700 From: Kris Kennaway To: "Andrey A. Chernov" Cc: Alexander Langer , security@FreeBSD.org, rwatson@FreeBSD.org, current@FreeBSD.org, developers@FreeBSD.org Subject: Re: ~/.login_conf disabling exact reasons wanted Message-ID: <20010922150206.C6270@xor.obsecurity.org> References: <20010922143942.A82482@nagual.pp.ru> <20010922151116.A82718@nagual.pp.ru> <20010922151752.B82718@nagual.pp.ru> <20010922141217.B7524@fump.kawo2.rwth-aachen.de> <20010922164448.A83816@nagual.pp.ru> <20010922151107.C7524@fump.kawo2.rwth-aachen.de> <20010922172123.B84301@nagual.pp.ru> Mime-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-md5; protocol="application/pgp-signature"; boundary="UPT3ojh+0CqEDtpF" Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: <20010922172123.B84301@nagual.pp.ru>; from ache@nagual.pp.ru on Sat, Sep 22, 2001 at 05:21:24PM +0400 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org --UPT3ojh+0CqEDtpF Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Sat, Sep 22, 2001 at 05:21:24PM +0400, Andrey A. Chernov wrote: > On Sat, Sep 22, 2001 at 15:11:07 +0200, Alexander Langer wrote: > > Thus spake Andrey A. Chernov (ache@nagual.pp.ru): > >=20 > > > Please, read me carefully. This bug not exist in -current, where it is > > > disabled by mistake via commit I complain. I not test other branches,= I > >=20 > > Err, the bugtraq message explicelty says "4.4". Even worse if it only > > exists in the production-branch. >=20 > Well, to be more carefull I'll need to say that it is hoax _for_-current_= =20 > as described. >=20 > Proper move will be MFC -current login_cap variant to other branches, not= =20 > disabling & not testing rush. This problem was reported to us at almost literally the very last minute..it was after Jordan had slipped several release dates already, and at least one of those postponements was because other security problems. There was no time to do a more thorough fix; now that the release is out we can revisit it, as was the intention all along. Kris --UPT3ojh+0CqEDtpF Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (FreeBSD) Comment: For info see http://www.gnupg.org iD8DBQE7rQpdWry0BWjoQKURAqeRAJ4hZ1pXaSzsOJmBLPP3fiq6CqucowCfSeJw B2qM2gmqh0dILYpR670OEvo= =Gjgf -----END PGP SIGNATURE----- --UPT3ojh+0CqEDtpF-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message