oss-sec mailing list archives
Re: Re: [Pkg-shadow-devel] subuid security patches for shadow package
From: Salvatore Bonaccorso <carnil () debian org>
Date: Thu, 21 Jul 2016 22:21:59 +0200
Hi, On Wed, Jul 20, 2016 at 11:48:52PM +0200, Nicolas François wrote:
Hi, The first point looks like a non issue to me. getlogin() is used to differentiate users with the same UID. The result of getlogin() is checked: if it returns a username that do not have the UID returned by getuid(), it will be ignored.
@MITRE CVE assignment team: This is for CVE-2016-6251. See above and https://bugzilla.redhat.com/show_bug.cgi?id=1358622#c2 . Should this CVE be REJECTED? Regards, Salvatore
Current thread:
- subuid security patches for shadow package Sebastian Krahmer (Jul 19)
- Re: subuid security patches for shadow package Sebastian Krahmer (Jul 19)
- Re: subuid security patches for shadow package Eric W. Biederman (Jul 19)
- Re: [Pkg-shadow-devel] subuid security patches for shadow package Nicolas François (Jul 20)
- Re: Re: [Pkg-shadow-devel] subuid security patches for shadow package Salvatore Bonaccorso (Jul 22)
- Re: Re: [Pkg-shadow-devel] subuid security patches for shadow package Sebastian Krahmer (Jul 25)
- Re: Re: [Pkg-shadow-devel] subuid security patches for shadow package Sebastian Krahmer (Jul 25)
- Re: Re: [Pkg-shadow-devel] subuid security patches for shadow package Solar Designer (Jul 25)
- Re: subuid security patches for shadow package Eric W. Biederman (Jul 19)
- Re: subuid security patches for shadow package Sebastian Krahmer (Jul 19)