[sork] Debian package, sork - passwd.
Lionel Elie Mamane
lmamane at debian.org
Sat Sep 3 10:51:18 PDT 2005
On Sat, Sep 03, 2005 at 12:36:09PM -0500, Eric Rostetter wrote:
> Quoting Lionel Elie Mamane <lionel at mamane.lu>:
>> On Sat, Sep 03, 2005 at 10:05:31AM -0400, Chuck Hagenbuch wrote:
>>> Quoting Lionel Elie Mamane <lionel at mamane.lu>:
>>>> I tried contributing a patch
>>> even better, post it as either an enhancement or bug ticket (as
>>> appropriate) on bugs.horde.org,
>> Have just done that, ticket #2550.
> I don't remember ever seeing this patche submitted,
http://lists.horde.org/archives/sork/Week-of-Mon-20030310/000830.html
It's been in the Debian package since then.
> but it does sound very interesting.
> It should be a useful addition to sork.
Thanks.
> A bit of a security concern,
The only concern I could think of is if the user (having already
successfully authenticated!) manages to trigger a buffer overflow in
passwd or something like that. As a setuid-root program, this would
mean that particular Unix (or Unix clone) would have a local root
privilege escalation problem anyway.
--
Lionel
More information about the sork
mailing list