[Pkg-shadow-commits] r3152 - debian/trunk/debian
Nicolas FRANÇOIS
nekral-guest at alioth.debian.org
Thu Mar 18 11:56:44 UTC 2010
Author: nekral-guest
Date: 2010-03-18 11:56:44 +0000 (Thu, 18 Mar 2010)
New Revision: 3152
Modified:
debian/trunk/debian/changelog
Log:
- Added support for dates already specified as a number of days since
Epoch in useradd, usermod and chage. Closes: #562221
Modified: debian/trunk/debian/changelog
===================================================================
--- debian/trunk/debian/changelog 2010-03-18 11:53:49 UTC (rev 3151)
+++ debian/trunk/debian/changelog 2010-03-18 11:56:44 UTC (rev 3152)
@@ -9,6 +9,8 @@
+ debian/patches/008_su_no_sanitize_env
- Updated patches:
+ debian/patches/523_su_arguments_are_no_more_concatenated_by_default
+ - Added support for dates already specified as a number of days since
+ Epoch in useradd, usermod and chage. Closes: #562221
* debian/securetty.kfreebsd: On GNU/kFreeBSD the serial devices have change
from /dev/cuuaX to /dev/ttydX in kernel 6.0. Closes: #544523
* debian/securetty.linux: Added support for embedded ARM AMBA PL011 ports
@@ -17,11 +19,14 @@
* debian/login.defs: Improve documentation of USERGROUPS_ENAB.
Closes: #572687
* debian/rules: Added DEB_AUTO_UPDATE_LIBTOOL = pre. Closes: #560633
- * debian/login.pam: return back to "requisite" for the pam_securetty
- PAM module. It's more important to avoid root logins over insecure
- terminals than having a very hypothetical attack based on sniffing
- incorrect usernames, followed by a brute force attack.
- Closes: #574082
+ * debian/login.pam: return back to mostly "requisite" for the pam_securetty
+ PAM module, but ignore PAM_USER_UNKNOWN. This will avoid root from
+ entering a password, and will also avoid user enumeration attacks.
+ Mis-typed root login are not protected, only root can be blamed for
+ mis-typing and entering a password on an insecure line. Users willing to
+ protect against mis-typed root login can use "requisite", but will be
+ vulnerable to user enumeration attacks on insecure lines, and should use
+ pam 1.1.0-4 at least. Closes: #574082, #531341
-- Nicolas FRANCOIS (Nekral) <nicolas.francois at centraliens.net> Sun, 24 Jan 2010 18:28:33 +0100
More information about the Pkg-shadow-commits
mailing list