Comment 3 for bug 499425

Christoph (christoph-pleger-cs) wrote : Re: [Bug 499425] Re: getpwnam shows shadow passwords of NIS users

Hello,

On Tue, 22 Dec 2009 23:00:55 -0000
Kees Cook <email address hidden> wrote:

> Hello! Thanks for the report and the patch. One thing I'm curious
> about; isn't it possible for a local user to just use "ypcat
> passwd.adjunct.byname" to see the encrypted passwords?

No, only the root user can look at passwd.adjunct.byname. When a normal
user calls "ypcat passwd.adjunct.byname", the following error message
is shown:

No such map passwd.adjunct.byname. Reason: No such map in server's domain

> Regardless, I
> would be curious to see if upstream glibc would be willing to use your
> patch. Have you opened a bug with glibc?
> http://sourceware.org/bugzilla/

No, not yet, I thought that Debian or Ubuntu would send the patch
upstream. Do you think that I should do that?

>
> Also, IIUC, this is not a "private" security issue, in that NIS
> leaking encrypted passwords is a fairly well understood limitation.
> Should this bug be made public to get more people looking at it?

I also reported the bug to Debian, so the security violation is
already public. So, it's no problem to make it public in Ubuntu, too.

Regards
  Christoph