I just got caught in having two different "validate" commands in my
path.

The /usr/bin/validate version is from the dnssec-tools package. It has a
man page and usage info and is a tool to diagnose DNSSEC lookups.

The /usr/sbin/validate version is from the mod_auth_shadow package. It
has no man page, no usage, no -h or --help. It is executed by the Apache
server to read /etc/shadow to do user auth. It is setuid root, and not
meant to be executed by a user.

I suggest moving /usr/sbin/validator into /usr/libexec, and probably
talking to Dan Walsh about using SELinux to further restrict it so it
cannot be executed by users or CGIs.

Paul
P.S. Jan: I also filed a crypt() NULL bug against mod_auth_shadow a while
ago with a patch.
--
devel mailing list
devel@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/devel
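
An added example, not part of the original message or of either package: a POSIX shell function that lists command names present in more than one PATH directory and marks setuid copies, the situation the message describes. The sandbox files and the names path_collisions, demo_tree and unique-tool are constructed for illustration.

```shell
#!/bin/sh
# Added example. For every command name found in more than one PATH
# directory, print one line per copy: name<TAB>path<TAB>setuid|plain

path_collisions() {
    printf '%s\n' "$1" | tr ':' '\n' | {
        seen=:
        while IFS= read -r dir; do
            # Resolve symlinked directories (e.g. /bin -> /usr/bin) so one
            # directory listed twice is not reported as a collision.
            real=$(CDPATH= cd -- "$dir" 2>/dev/null && pwd -P) || continue
            case "$seen" in *":$real:"*) continue ;; esac
            seen="$seen$real:"
            for f in "$real"/*; do
                [ -f "$f" ] && [ -x "$f" ] || continue
                # -u is true when the set-user-ID bit is set on the file.
                if [ -u "$f" ]; then mode=setuid; else mode=plain; fi
                printf '%s\t%s\t%s\n' "${f##*/}" "$f" "$mode"
            done
        done
    } | awk -F '\t' '
        { count[$1]++; row[NR] = $0; name[NR] = $1 }
        END { for (i = 1; i <= NR; i++) if (count[name[i]] > 1) print row[i] }'
}

# Constructed sandbox standing in for /usr/bin and /usr/sbin.
demo_tree() {
    root=$(mktemp -d) && mkdir "$root/bin" "$root/sbin" || return 1
    for f in bin/validate sbin/validate bin/unique-tool; do
        printf '#!/bin/sh\n' > "$root/$f" && chmod 755 "$root/$f"
    done
    chmod u+s "$root/sbin/validate"   # mimic the setuid helper's mode bit
    printf '%s\n' "$root"
}

# Demo run; on a real system call: path_collisions "$PATH"
root=$(demo_tree) && path_collisions "$root/bin:$root/sbin:$root/bin"
rm -rf "$root"
```
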
