From owner-cvs-all  Wed Oct 20 10:53:48 1999
Delivered-To: cvs-all@freebsd.org
Received: from troutmask.apl.washington.edu (troutmask.apl.washington.edu [128.95.76.54])
	by hub.freebsd.org (Postfix) with ESMTP
	id 0FE2514C16; Wed, 20 Oct 1999 10:53:43 -0700 (PDT)
	(envelope-from sgk@troutmask.apl.washington.edu)
Received: (from sgk@localhost)
	by troutmask.apl.washington.edu (8.9.3/8.9.1) id KAA06036;
	Wed, 20 Oct 1999 10:59:23 -0700 (PDT)
	(envelope-from sgk)
From: Steve Kargl <sgk@troutmask.apl.washington.edu>
Message-Id: <199910201759.KAA06036@troutmask.apl.washington.edu>
Subject: Re: cvs commit: src/usr.bin/chpass pw_yp.c
In-Reply-To: <199910201520.IAA50392@freefall.freebsd.org> from Andrew Gallatin at "Oct 20, 1999 08:20:01 am"
To: gallatin@FreeBSD.ORG (Andrew Gallatin)
Date: Wed, 20 Oct 1999 10:59:23 -0700 (PDT)
Cc: cvs-committers@FreeBSD.ORG, cvs-all@FreeBSD.ORG
X-Mailer: ELM [version 2.4ME+ PL54 (25)]
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Sender: owner-cvs-all@FreeBSD.ORG
Precedence: bulk

Andrew Gallatin wrote:
> gallatin    1999/10/20 08:20:00 PDT
> 
>   Modified files:
>     usr.bin/chpass       pw_yp.c 
>   Log:
>   fix a serious bug where, on alpha, due to a an int/long type mismatch,
>   the uid arg to use_yp() was getting clobbered by the call to my_yp_match().
>   This led to a problem where a NIS user could edit root's passwd information.
>   

Yikes!

Does this warrant a message to CERT about a possible security
problem?

-- 
Steve


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe cvs-all" in the body of the message