[Secure-testing-team] Bug#699593: login: wrong egid

Michael Tsang miklcct at gmail.com
Sat Feb 2 08:53:47 UTC 2013


Package: login
Version: 1:4.1.5.1-1
Severity: grave
Tags: security
Justification: user security hole

Dear Maintainer,

Debian GNU/kFreeBSD logs me in with a wrong egid. I did the following steps:

1. Install a new copy of Debian GNU/kFreeBSD
2. Configure the system to use LDAP authentication
3. Add an LDAP user to a local group (e.g. sudo)
4. Log in as that user

Then, I found that bash does not read the configuration files since gid and
egid are different. This is wrong. The egid should be the same as the primary
gid when logging in. Refer to #698102 for more details.

Regards,
Michael



-- System Information:
Debian Release: 7.0
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 3.2.0-4-amd64 (SMP w/8 CPU cores)
Locale: LANG=en_HK.UTF-8, LC_CTYPE=en_HK.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages login depends on:
ii  libc6           2.13-37
ii  libpam-modules  1.1.3-7.1
ii  libpam-runtime  1.1.3-7.1
ii  libpam0g        1.1.3-7.1

login recommends no packages.

login suggests no packages.

-- no debconf information
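
A small diagnostic for the condition this report describes, added here as an example; it is not part of the original message or of the login package. It compares the session's real and effective gid with the primary gid from the passwd database, and notes the documented bash behaviour of skipping startup files when real and effective ids differ and `-p` is not given. The function and flag names are this example's own.

```c
#include <pwd.h>
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

/* Bit flags returned by check_login_gids(); names are this example's own. */
#define GID_OK            0
#define GID_REAL_NE_EFF   1  /* rgid != egid: bash considers itself setgid */
#define GID_EFF_NE_PRIM   2  /* egid is not the passwd primary gid */
#define GID_REAL_NE_PRIM  4  /* rgid is not the passwd primary gid */

/* Pure check, so it can be exercised with constructed values. */
int check_login_gids(gid_t rgid, gid_t egid, gid_t primary)
{
    int flags = GID_OK;
    if (rgid != egid)    flags |= GID_REAL_NE_EFF;
    if (egid != primary) flags |= GID_EFF_NE_PRIM;
    if (rgid != primary) flags |= GID_REAL_NE_PRIM;
    return flags;
}

int main(void)
{
    /* getpwuid() resolves through NSS, so LDAP accounts are covered. */
    struct passwd *pw = getpwuid(getuid());
    if (pw == NULL) {
        fprintf(stderr, "no passwd entry for uid %ld\n", (long)getuid());
        return 2;
    }

    gid_t rgid = getgid(), egid = getegid();
    int flags = check_login_gids(rgid, egid, pw->pw_gid);

    printf("rgid=%ld egid=%ld primary=%ld\n",
           (long)rgid, (long)egid, (long)pw->pw_gid);
    if (flags & GID_REAL_NE_EFF)
        puts("real and effective gid differ: bash without -p skips startup files");
    if (flags & GID_EFF_NE_PRIM)
        puts("effective gid is not the user's primary gid");
    if (flags & GID_REAL_NE_PRIM)
        puts("real gid is not the user's primary gid");
    return flags ? 1 : 0;   /* exit status 0 only when all three agree */
}
```

Run it from the freshly logged-in shell; a non-zero exit status means the session's group credentials do not all match the primary gid.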


