Date: Wed, 20 Oct 1999 10:59:23 -0700 (PDT) From: Steve Kargl <sgk@troutmask.apl.washington.edu> To: gallatin@FreeBSD.ORG (Andrew Gallatin) Cc: cvs-committers@FreeBSD.ORG, cvs-all@FreeBSD.ORG Subject: Re: cvs commit: src/usr.bin/chpass pw_yp.c Message-ID: <199910201759.KAA06036@troutmask.apl.washington.edu> In-Reply-To: <199910201520.IAA50392@freefall.freebsd.org> from Andrew Gallatin at "Oct 20, 1999 08:20:01 am"
next in thread | previous in thread | raw e-mail | index | archive | help
Andrew Gallatin wrote: > gallatin 1999/10/20 08:20:00 PDT > > Modified files: > usr.bin/chpass pw_yp.c > Log: > fix a serious bug where, on alpha, due to a an int/long type mismatch, > the uid arg to use_yp() was getting clobbered by the call to my_yp_match(). > This led to a problem where a NIS user could edit root's passwd information. > Yikes! Does this warrant a message to CERT about a possible security problem? -- Steve To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe cvs-all" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199910201759.KAA06036>