[Pkg-shadow-commits] r139 - in trunk/debian: . patches

Martin Quinson pkg-shadow-devel@lists.alioth.debian.org
Fri, 13 May 2005 20:53:36 +0000


Author: mquinson
Date: 2005-05-13 20:53:36 +0000 (Fri, 13 May 2005)
New Revision: 139

Added:
   trunk/debian/patches/421_login.1_pishing
Modified:
   trunk/debian/changelog
   trunk/debian/patches/series
Log:
Document how to initiate a trusted path under Linux (closes #305600)

Modified: trunk/debian/changelog
===================================================================
--- trunk/debian/changelog	2005-05-13 20:43:35 UTC (rev 138)
+++ trunk/debian/changelog	2005-05-13 20:53:36 UTC (rev 139)
@@ -13,7 +13,9 @@
   * Debian specific programs fixes:
     - NONE
   * Upstream bugs not fixed in upstream releases or CVS:
-    - NONE
+    - 421_login.1_pishing:
+      Document how to initiate a trusted path under Linux
+      Closes: #305600
   * Upstream bugs already fixed in upstream releases or CVS:
     - 324_configure.in-no-debian-dir:
       Separated from 004_configure.in : this change will not be needed when
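Review bot: The new entry is filed under "Upstream bugs not fixed in upstream releases or CVS", yet the patch header added in this same commit says "Status wrt upstream: unknown". Either check upstream first and record the result, or word the entry so it does not assert a status nobody has verified. The patch name also carries the misspelling "pishing" (phishing). Renaming it now is cheaper than after the name has spread to the changelog, the series file and the bug log.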

Added: trunk/debian/patches/421_login.1_pishing
===================================================================
--- trunk/debian/patches/421_login.1_pishing	2005-05-13 20:43:35 UTC (rev 138)
+++ trunk/debian/patches/421_login.1_pishing	2005-05-13 20:53:36 UTC (rev 139)
@@ -0,0 +1,22 @@
+Goal: document how to initiate a trusted path on linux.
+Fixes: #305600 by documenting that the answer is in the kernel.
+
+Status wrt upstream: unknown
+
+Index: shadow-4.0.3/man/login.1
+===================================================================
+--- shadow-4.0.3.orig/man/login.1	2005-05-13 22:37:38.939127155 +0200
++++ shadow-4.0.3/man/login.1	2005-05-13 22:47:54.019226226 +0200
+@@ -122,6 +122,12 @@ The location of files is subject to diff
+ .PP
+ The \fBlogin\fR program is NOT responsible for removing users from the utmp file.
+ It is the responsibility of
++.PP
++As any program, \fBlogin\fR appearance could be faked. If non-trusted users have a
++physical access to the machine, an attacker could use this to obtain the
++password of the next person sitting in front of the machine. Under Linux,
++the SAK mecanism can be used by users to initiate of a trusted path and
++prevent this kind of attack. 
+ .BR getty (8)
+ and
+ .BR init (8)
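Review bot: The new paragraph is inserted in the middle of an existing sentence. It lands between "It is the responsibility of" and the ".BR getty (8)" / "and" / ".BR init (8)" lines that complete it. In the rendered page the utmp sentence will be cut off, and "getty(8) and init(8)" will trail after "prevent this kind of attack." Move the added ".PP" block so it follows the end of the utmp paragraph, which lies below the context shown here. The wording needs a pass as well: "mecanism" should be "mechanism", "initiate of a trusted path" should be "initiate a trusted path", and the last added line has trailing whitespace. The text names SAK without expanding the acronym or saying how a user invokes it or where it is documented, so a reader of login(1) cannot act on the advice. Add at least the expansion and a pointer to the relevant kernel documentation.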

Modified: trunk/debian/patches/series
===================================================================
--- trunk/debian/patches/series	2005-05-13 20:43:35 UTC (rev 138)
+++ trunk/debian/patches/series	2005-05-13 20:53:36 UTC (rev 139)
@@ -68,3 +68,4 @@
 405_subsystem_remove_*_in_shell.dpatch
 406_good_name.dpatch
 407_32char_grnames.dpatch
+421_login.1_pishing
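Review bot: The added series entry "421_login.1_pishing" has no ".dpatch" suffix, unlike the three entries above it in this hunk. Please confirm the patch system accepts the bare name. If it does not, rename the file and this entry consistently. The "pishing" spelling should be corrected to "phishing" in the same rename.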