Re: Bug#289784: [Debian-audit] xshisen (again)

From: Steve Kemp <steve_at_shellcode.org>
Date: Wed, 12 Jan 2005 19:02:20 +0000

On Wed, Jan 12, 2005 at 02:00:46PM -0500, Grzegorz B. Prokopski wrote:

> > > That's an .. unlikely .. bug to occur in practice. I guess only
> > > root can modify the GECOS field.
> >
> > No, you can use the chfn command to change all data in your own GECOS field
> > except your real name. The command checks the length of all data, so you
> > probably can't use it for this attack (it might be possible to enter the
> > maximum amount in each field and make it reach 160 bytes that way). There are
> > other systems that will let you edit your GECOS field, like webmin (I think)
> > and more.
> >
> > It's not a really serious bug, but IMHO worth fixing.
>
> I do not have my new GPG key signed yet (sigh) so I am in no position to
> perform an upload. Could somebody please apply the fix and NMU?

  I will do so tomorrow if nobody else beats me to it.

Steve

--
Received on Wed Jan 12 2005 - 19:02:26 GMT
