Date: Sat, 22 Sep 2001 15:02:06 -0700 From: Kris Kennaway <kris@obsecurity.org> To: "Andrey A. Chernov" <ache@nagual.pp.ru> Cc: Alexander Langer <alex@big.endian.de>, security@FreeBSD.org, rwatson@FreeBSD.org, current@FreeBSD.org, developers@FreeBSD.org Subject: Re: ~/.login_conf disabling exact reasons wanted Message-ID: <20010922150206.C6270@xor.obsecurity.org> In-Reply-To: <20010922172123.B84301@nagual.pp.ru>; from ache@nagual.pp.ru on Sat, Sep 22, 2001 at 05:21:24PM %2B0400 References: <20010922143942.A82482@nagual.pp.ru> <20010922151116.A82718@nagual.pp.ru> <20010922151752.B82718@nagual.pp.ru> <20010922141217.B7524@fump.kawo2.rwth-aachen.de> <20010922164448.A83816@nagual.pp.ru> <20010922151107.C7524@fump.kawo2.rwth-aachen.de> <20010922172123.B84301@nagual.pp.ru>
next in thread | previous in thread | raw e-mail | index | archive | help
--UPT3ojh+0CqEDtpF Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Sat, Sep 22, 2001 at 05:21:24PM +0400, Andrey A. Chernov wrote: > On Sat, Sep 22, 2001 at 15:11:07 +0200, Alexander Langer wrote: > > Thus spake Andrey A. Chernov (ache@nagual.pp.ru): > >=20 > > > Please, read me carefully. This bug not exist in -current, where it is > > > disabled by mistake via commit I complain. I not test other branches,= I > >=20 > > Err, the bugtraq message explicelty says "4.4". Even worse if it only > > exists in the production-branch. >=20 > Well, to be more carefull I'll need to say that it is hoax _for_-current_= =20 > as described. >=20 > Proper move will be MFC -current login_cap variant to other branches, not= =20 > disabling & not testing rush. This problem was reported to us at almost literally the very last minute..it was after Jordan had slipped several release dates already, and at least one of those postponements was because other security problems. There was no time to do a more thorough fix; now that the release is out we can revisit it, as was the intention all along. Kris --UPT3ojh+0CqEDtpF Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (FreeBSD) Comment: For info see http://www.gnupg.org iD8DBQE7rQpdWry0BWjoQKURAqeRAJ4hZ1pXaSzsOJmBLPP3fiq6CqucowCfSeJw B2qM2gmqh0dILYpR670OEvo= =Gjgf -----END PGP SIGNATURE----- --UPT3ojh+0CqEDtpF-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20010922150206.C6270>