| Commit message (Collapse) | Author | Age | Files | Lines | |
|---|---|---|---|---|---|
| * | chsh, chfn, vipw: fix filenames collision | Karel Zak | 2015-08-24 | 1 | -1/+5 |
| | | | | | | | | | | | | | | | | | | | The utils when compiled WITHOUT libuser then mkostemp()ing "/etc/%s.XXXXXX" where the filename prefix is argv[0] basename. An attacker could repeatedly execute the util with modified argv[0] and after many many attempts mkostemp() may generate suffix which makes sense. The result maybe temporary file with name like rc.status ld.so.preload or krb5.keytab, etc. Note that distros usually use libuser based ch{sh,fn} or stuff from shadow-utils. It's probably very minor security bug. Addresses: CVE-2015-5224 Signed-off-by: Karel Zak <kzak@redhat.com> | ||||
| * | pathnames: clean up various user database paths | Sami Kerola | 2012-03-18 | 1 | -1/+1 |
| | | | | | Signed-off-by: Sami Kerola <kerolasa@iki.fi> | ||||
| * | vipw: use xmkstemp() and lckpwdf() | Sami Kerola | 2012-03-18 | 1 | -31/+8 |
| | | | | | | | Get rid private locking schema and use libc instead. Signed-off-by: Sami Kerola <kerolasa@iki.fi> | ||||
| * | Imported from util-linux-2.11b tarball. | Karel Zak | 2006-12-07 | 1 | -0/+17 |
| | | |||||
| * | Imported from util-linux-2.10s tarball. | Karel Zak | 2006-12-07 | 1 | -5/+2 |
| | | |||||
| * | Imported from util-linux-2.7.1 tarball. | Karel Zak | 2006-12-07 | 1 | -0/+38 |
 |
index : openslx/kernel-qcow2-util-linux.git | |
| In-kernel qcow2 (losetup) | OpenSLX |
| summaryrefslogtreecommitdiffstats |