Date: Thu, 21 Jul 2016 22:21:59 +0200
From: Salvatore Bonaccorso <carnil@...ian.org>
To: "Eric W. Biederman" <ebiederm@...ssion.com>, Sebastian Krahmer <krahmer@...e.com>, oss-security@...ts.openwall.com, pkg-shadow-devel@...ts.alioth.debian.org, CVE Assignments MITRE <cve-assign@...re.org>
Subject: Re: Re: [Pkg-shadow-devel] subuid security patches for shadow package

Hi,

On Wed, Jul 20, 2016 at 11:48:52PM +0200, Nicolas François wrote:
> Hi,
>
> The first point looks like a non issue to me.
>
> getlogin() is used to differentiate users with the same UID.
> The result of getlogin() is checked: if it returns a username that does not
> have the UID returned by getuid(), it will be ignored.

@MITRE CVE assignment team: This is for CVE-2016-6251. See above and
https://bugzilla.redhat.com/show_bug.cgi?id=1358622#c2 .

Should this CVE be REJECTED?

Regards,
Salvatore
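
The check described in the quoted text, modelled as an added example (not code from the shadow package or from anyone in this thread): a login-name hint is honoured only when its passwd entry carries the caller's real UID. The helper name `resolve_caller`, its parameters and the passwd lines are hypothetical and constructed for illustration; `login_hint` stands in for the getlogin() result and `real_uid` for getuid().

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
/* Constructed passwd(5) lines: two account names share UID 1000. */
static const char *SAMPLE_PASSWD[] = {
    "root:x:0:0:root:/root:/bin/sh",
    "alice:x:1000:1000::/home/alice:/bin/sh",
    "alice-build:x:1000:1000::/home/alice:/bin/sh",
    "bob:x:1001:1001::/home/bob:/bin/sh",
};

/* Split one passwd line into name and UID; returns 0 on success. */
static int parse_entry(const char *line, char *name, size_t cap, unsigned long *uid)
{
    const char *c1 = strchr(line, ':');
    const char *c2 = c1 ? strchr(c1 + 1, ':') : NULL;
    char *end;
    if (!c2 || c1 == line || (size_t)(c1 - line) >= cap) return -1;
    snprintf(name, cap, "%.*s", (int)(c1 - line), line);
    *uid = strtoul(c2 + 1, &end, 10);
    return (end == c2 + 1 || *end != ':') ? -1 : 0;
}

/* Hypothetical helper: login_hint models getlogin() (may be NULL), real_uid
 * models getuid(). The hint is used only if it names an entry whose UID is
 * real_uid; otherwise the first entry with real_uid wins. 0 on success. */
int resolve_caller(const char *login_hint, unsigned long real_uid, char *out, size_t cap)
{
    char name[64], pick[64] = "";
    unsigned long uid;
    for (size_t i = 0; i < sizeof SAMPLE_PASSWD / sizeof SAMPLE_PASSWD[0]; i++) {
        if (parse_entry(SAMPLE_PASSWD[i], name, sizeof name, &uid) != 0 || uid != real_uid)
            continue;                /* malformed line, or another user's UID */
        int is_hint = login_hint && strcmp(name, login_hint) == 0;
        if (is_hint || pick[0] == '\0')
            strcpy(pick, name);      /* first match is the fallback; hint overrides */
        if (is_hint) break;
    }
    if (pick[0] == '\0' || strlen(pick) >= cap) return -1;
    strcpy(out, pick);
    return 0;
}

int main(void)
{
    char who[64];
    int rc = resolve_caller("root", 1000, who, sizeof who); /* hint with wrong UID */
    printf("rc=%d name=%s\n", rc, rc == 0 ? who : "-");
    return 0;
}
```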