Noticed a Debian bug report [1] that indicates that the way mingetty calls chroot() makes it fairly trivial to break out of it. They also note that the chroot(), chdir(), and nice() calls do no error checking. A patch is attached to the bug report. I've looked, and nowhere in Fedora (or RHEL) can I see us using any of these options (--chroot, --chdir, or --nice); we just call mingetty with the TTY to listen to and no further options. So this isn't something we likely need to worry about fixing in older releases for two reasons: 1) it's not used by default and 2) it would be a low impact local-only issue. It would, however, be a bug that should be fixed for future versions of Fedora. [1] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=597382
mingetty-1.08-5.fc14 has been submitted as an update for Fedora 14. https://admin.fedoraproject.org/updates/mingetty-1.08-5.fc14
mingetty-1.08-5.fc13 has been submitted as an update for Fedora 13. https://admin.fedoraproject.org/updates/mingetty-1.08-5.fc13
mingetty-1.08-5.fc12 has been submitted as an update for Fedora 12. https://admin.fedoraproject.org/updates/mingetty-1.08-5.fc12
mingetty-1.08-5.fc12 has been pushed to the Fedora 12 testing repository. If problems still persist, please make note of it in this bug report. If you want to test the update, you can install it with su -c 'yum --enablerepo=updates-testing update mingetty'. You can provide feedback for this update here: https://admin.fedoraproject.org/updates/mingetty-1.08-5.fc12
mingetty-1.08-5.fc12 has been pushed to the Fedora 12 stable repository. If problems still persist, please make note of it in this bug report.
mingetty-1.08-5.fc13 has been pushed to the Fedora 13 stable repository. If problems still persist, please make note of it in this bug report.
mingetty-1.08-5.fc14 has been pushed to the Fedora 14 stable repository. If problems still persist, please make note of it in this bug report.
Fixing a few unintentional changes in the ticket metadata.