[Bug 222186] New: Weekly security check does not check for guessable passwords
https://bugzilla.novell.com/show_bug.cgi?id=222186 Summary: Weekly security check does not check for guessable passwords Product: SUSE LINUX 10.0 Version: unspecified Platform: Other OS/Version: Other Status: NEW Severity: Major Priority: P5 - None Component: Security AssignedTo: security-team@suse.de ReportedBy: Christian.Andretzky@MB.TU-Chemnitz.DE QAContact: qa@suse.de in /usr/lib/seccheck/security-weekly.sh in line 53 the existence of /usr/sbin/john and /usr/bin/unshadow is checked before the pasword checking routine is started. Unfortunately the location of unshadow has changed to /usr/sbin/unshadow. So the password checking is skippend. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is.
https://bugzilla.novell.com/show_bug.cgi?id=222186 thomas@novell.com changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |ASSIGNED ------- Comment #1 from thomas@novell.com 2006-11-20 04:12 MST ------- On my SL 10.0 machine I have no problem b/c the seccheck scripts use the correct path. I have this package installed (which maybe a test-versin from the past...): thomas@spiral:/tmp> rpm -q seccheck seccheck-2.0-516.5 -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is.
https://bugzilla.novell.com/show_bug.cgi?id=222186 ------- Comment #2 from thomas@novell.com 2006-11-20 04:14 MST ------- Can you copy the result from a "rpm -q --changelog seccheck | head" in here? -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is.
https://bugzilla.novell.com/show_bug.cgi?id=222186 ------- Comment #3 from Christian.Andretzky@MB.TU-Chemnitz.DE 2006-11-20 10:12 MST ------- * Mo Mär 06 2006 - thomas@suse.de - added patches to fix the usage of find (bug #154639) * Mi Jan 11 2006 - thomas@suse.de - removed seccheck-2.0_john-path.diff (bug #142053) * Mo Aug 08 2005 - thomas@suse.de The package is seccheck-2.0-516.4 BTW, a really off topic question: Do You know a simple way to focus some people in the kernel team to a very urgent problem. I posted a bug for some days with blocking attribute but no activity so far. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is.
https://bugzilla.novell.com/show_bug.cgi?id=222186 ------- Comment #4 from Christian.Andretzky@MB.TU-Chemnitz.DE 2006-11-20 10:39 MST ------- Oops - sorry this was a false alarm. I checked the packages in my install depot again an saw that I had older versions of secchk-weekly and -monthly which were distributed to my machines. Sorry again. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is.
https://bugzilla.novell.com/show_bug.cgi?id=222186 ------- Comment #5 from thomas@novell.com 2006-11-21 01:19 MST -------
BTW, a really off topic question: Do You know a simple way to focus some people in the kernel team to a very urgent problem. I posted a bug for some days with blocking attribute but no activity so far.
which bug number? -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is.
https://bugzilla.novell.com/show_bug.cgi?id=222186 thomas@novell.com changed: What |Removed |Added ---------------------------------------------------------------------------- Status|ASSIGNED |RESOLVED Resolution| |INVALID ------- Comment #6 from thomas@novell.com 2006-11-21 01:20 MST ------- (In reply to comment #4)
Oops - sorry this was a false alarm. I checked the packages in my install depot again an saw that I had older versions of secchk-weekly and -monthly which were distributed to my machines.
Sorry again.
No problem. :) -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is.
participants (1)
-
bugzilla_noreply@novell.com