37 lines
1.2 KiB
Plaintext
37 lines
1.2 KiB
Plaintext
look at
|
|
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=89145
|
|
http://qa.mandrakesoft.com/show_bug.cgi?id=3781
|
|
|
|
use configurations under $PREFIX --sysconfdir
|
|
|
|
maybe install from doc, etc examples
|
|
|
|
use this buildlink3 for util-linux
|
|
|
|
pkg_create: Overwriting /usr/bin/groups - pkg sh-utils-2.0nb2 bogus/conflicting?
|
|
pkg_create: Overwriting /usr/man/man1/su.1 - pkg sh-utils-2.0nb2 bogus/conflicti
|
|
ng?
|
|
<unset_progname>: Overwriting /usr/man/man1/passwd.1 - pkg openssl-0.9.6g bogus/
|
|
conflicting?
|
|
shadow has conflicts with sysutils/user too?
|
|
|
|
gentoo says
|
|
# Do not install this login, but rather the one from
|
|
# pam-login, as this one have a serious root exploit
|
|
# with pam_limits in use.
|
|
|
|
INSTALL uses -o ${BINOWN} -g ${BINGRP}
|
|
so setuid root tools don't work!
|
|
suidbins = su
|
|
suidubins = chage chfn chsh expiry gpasswd newgrp passwd
|
|
later consider having dedicated users and/or groups for this
|
|
|
|
login.defs needed for su and sshd (and others)
|
|
so provide that file
|
|
but the manpage says: no longer used by programs ... handled by PAM now
|
|
|
|
- This package has known vulnerabilities, please investigate and fix
|
|
if possible:
|
|
CVE-2005-4890, CVE-2011-0721, CVE-2013-4235, CVE-2016-6252,
|
|
CVE-2017-12424, CVE-2018-7169, CVE-2019-19882
|