Date: Sat, 22 Sep 2001 14:42:28 +0400 From: "Andrey A. Chernov" <ache@nagual.pp.ru> To: Marc Rogers <marcr@shady.org> Cc: Peter Pentchev <roam@ringlet.net>, Rob Andrews <rob@cyberpunkz.org>, FreeBSD-Security@FreeBSD.ORG Subject: Re: login_conf vulnerability. Message-ID: <20010922144227.A82525@nagual.pp.ru> In-Reply-To: <20010922124326.A81031@nagual.pp.ru> References: <20010921124410.D99287@shady.org> <20010921154834.B619@ringworld.oblivion.bg> <20010921075540.B71120@switchblade.cyberpunkz.org> <20010921160243.C619@ringworld.oblivion.bg> <20010921141937.N99287@shady.org> <20010921173502.A62350@nagual.pp.ru> <20010922124326.A81031@nagual.pp.ru>
next in thread | previous in thread | raw e-mail | index | archive | help
On Sat, Sep 22, 2001 at 12:43:26 +0400, Andrey A. Chernov wrote: > > Giving more details, copyright and motd printing code must be moved from > do_login() to do_child(), after setusercontext() /session.c file/ > > It seems the patch will be easy, maybe I'll come with some variant. I have a patch, but it is not needed, since original code is not buggy: "copyright" and "welcome" are not overwriteable from "me" user class in any case. -- Andrey A. Chernov http://ache.pp.ru/ To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20010922144227.A82525>