Probably a security hole in F13?
Steven I Usdansky
usdanskys at rocketmail.com
Fri Apr 23 10:32:26 UTC 2010
----- Original Message ----
> From: Joachim Backes <joachim.backes at rhrk.uni-kl.de>
> To: Fedora test <test at lists.fedoraproject.org>
> Sent: Fri, April 23, 2010 2:41:11 AM
> Subject: Probably a security hole in F13?
>
> Hi,
I want to report some weird F13 behaviour:
Booting into
> runlevel 3 (with RHGB, appending ' 3' after RHGB). After boot is completed, goto
> on console #1.
0. Waiting some seconds
1. Very often, when typing the
> username, it is *not echoed* (but accepted)
2a. In this case, typing in the
> password, it is fully reflected :-(
------ this appears on console #1
> -----------------
Fedora release 13 (Goddard)
Kernel 2.6.33.2-57.fc13.i686
> on an i686 (tty1)
eule login: Password: testuser
[testuser at eule
> ~]$
------------------------ OR case 2b, username is reflected ----
> ---------------------------- and password is reflected ---------
Fedora
> release 13 (Goddard)
Kernel 2.6.33.2-57.fc13.i686 on an i686
> (tty1)
eule login: testuser
Password:testuser
Last login: Thu Apr
> ........... from
> localhost.localdomain
------------------------------------------------------------
But:
> If booting into runlevel 3 *without RHGB*, or into runlevel 5, the described
> effect does not appear.
Anybode made similar experiences?
--
> Joachim Backes <
I boot into runlevel3 with rhgb off. I've seen the password echo, I've seen the
username not echoed. I've seen no carriage returns between the greeter
message, username request, and password request. It's not consistent.
I have noticed that even when the login request on tty1 is messed up, if I
switch to tty2, it seems to work properly.
More information about the test
mailing list