@fribbledom I didn't read the article but giving it a like just for the title.

@fribbledom great find!

In retrospect, it's weird that code only meant for the initial setup of a system is still present on an active system in the first place. It would be cool if those phases could be decoupled more.

@raboof @fribbledom in my mind, a good sign this sounds be part of the installer, not a part of the basic os.

It used to be. Why did that change?

@fribbledom Nice :oh_no_blob:
I will most certainly try reproducing it on 20.10.. This seems way too easy :oof:

@fribbledom hah, dropping prices before reading files seems pretty dangerous. Wonder if this would be better done by forking, dropping everything except a Unix socket, the dropping privs, opening the file and sending it back over.

@fribbledom how anybody even managed to stumble upon this is amazing, still needs fixing asap!

@fribbledom More proof that simple is better: Wouldn't have happened if the action of checking for user accounts was just reading a file.

Sign in to participate in the conversation

Server run by the main developers of the project 🐘 It is not focused on any particular niche interest - everyone is welcome as long as you follow our code of conduct!