Date: Thu, 21 Jul 2016 22:21:59 +0200
From: Salvatore Bonaccorso <carnil@...ian.org>
To: "Eric W. Biederman" <ebiederm@...ssion.com>,
	Sebastian Krahmer <krahmer@...e.com>,
	oss-security@...ts.openwall.com,
	pkg-shadow-devel@...ts.alioth.debian.org,
	CVE Assignments MITRE <cve-assign@...re.org>
Subject: Re: Re: [Pkg-shadow-devel] subuid security patches
 for shadow package

Hi,

On Wed, Jul 20, 2016 at 11:48:52PM +0200, Nicolas François wrote:
> Hi,
> 
> The first point looks like a non-issue to me.
> 
> getlogin() is used to differentiate users with the same UID.
> The result of getlogin() is checked: if it returns a username that does not
> have the UID returned by getuid(), it will be ignored.

@MITRE CVE assignment team: This is for CVE-2016-6251. See above and
https://bugzilla.redhat.com/show_bug.cgi?id=1358622#c2 . 

Should this CVE be REJECTED?

Regards,
Salvatore
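
The check described in the quoted reply, as an added C sketch that is not part of this message and not the shadow package's own code: the name from getlogin() is treated as an untrusted hint and only accepted when its passwd entry carries the UID from getuid(). The helper name `resolve_caller`, the enum, and the fallback to getpwuid() are assumptions made for illustration.

```c
#include <pwd.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>

enum caller_source { CALLER_UNKNOWN, CALLER_FROM_LOGIN, CALLER_FROM_UID };

/* Hypothetical helper (not shadow's code): choose the account name for the
 * calling user. login_hint is untrusted (for example what getlogin()
 * returned) and is accepted only if its passwd entry has real_uid. */
static enum caller_source resolve_caller(const char *login_hint, uid_t real_uid,
                                         char *name, size_t namelen)
{
    const struct passwd *pw;

    if (namelen == 0)
        return CALLER_UNKNOWN;
    name[0] = '\0';

    if (login_hint != NULL && login_hint[0] != '\0') {
        pw = getpwnam(login_hint);
        if (pw != NULL && pw->pw_uid == real_uid) {
            /* Hint names an account that really has the caller's UID. */
            snprintf(name, namelen, "%s", pw->pw_name);
            return CALLER_FROM_LOGIN;
        }
        /* Unknown name or UID mismatch: ignore the hint entirely. */
    }

    /* Assumed fallback: first passwd entry for the real UID. */
    pw = getpwuid(real_uid);
    if (pw == NULL)
        return CALLER_UNKNOWN;
    snprintf(name, namelen, "%s", pw->pw_name);
    return CALLER_FROM_UID;
}

int main(void)
{
    char name[256];
    enum caller_source src =
        resolve_caller(getlogin(), getuid(), name, sizeof name);

    printf("source=%d name=%s\n", (int)src, name);
    return src == CALLER_UNKNOWN;
}
```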
