Source-Changes archive
CVS commit: [netbsd-4-0] src/dist/openpam/lib
Module Name: src
Committed By: bouyer
Date: Sat Nov 19 14:38:31 UTC 2011
Modified Files:
src/dist/openpam/lib [netbsd-4-0]: openpam_configure.c
Log Message:
Pull up following revision(s) (requested by drochner in ticket #1439):
dist/openpam/lib/openpam_configure.c: revision 1.6
Don't allow '/' characters in the "service" argument to pam_start()
The "service" is blindly appended to config directories ("/etc/pam.d/"),
and if a user can control the "service" it can get PAM to read config
files from any location.
This is not a problem with most software because the "service" is
usually a constant string. The check protects 3rd party software
from being abused.
(CVE-2011-4122)
To generate a diff of this commit:
cvs rdiff -u -r1.4 -r1.4.20.1 src/dist/openpam/lib/openpam_configure.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
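
The check described in the log message, sketched as an added example (not the code from openpam_configure.c or from this commit): the function names `policy_path` and `policy_path_unchecked` and the sample service names are hypothetical, and only the "/etc/pam.d/" directory comes from the message.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>

#define POLICY_DIR "/etc/pam.d/" /* config directory named in the log message */

/* Unchecked form: appends service to the directory as-is. */
int policy_path_unchecked(const char *service, char *buf, size_t len)
{
    int n = snprintf(buf, len, "%s%s", POLICY_DIR, service);
    return (n < 0 || (size_t)n >= len) ? -1 : 0;
}

/* Checked form: service must be a single, non-empty path component. */
int policy_path(const char *service, char *buf, size_t len)
{
    if (service == NULL || *service == '\0' || strchr(service, '/') != NULL) {
        errno = EINVAL;
        return -1;
    }
    if (policy_path_unchecked(service, buf, len) != 0) {
        errno = ENAMETOOLONG;
        return -1;
    }
    return 0;
}

int main(void)
{
    /* Constructed sample service names. */
    const char *samples[] = { "sshd", "login", "../../tmp/policy", "" };
    char raw[256], checked[256];
    size_t i;

    for (i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        int ok = policy_path(samples[i], checked, sizeof checked) == 0;

        policy_path_unchecked(samples[i], raw, sizeof raw);
        printf("%-18s unchecked: %-30s checked: %s\n",
               samples[i], raw, ok ? checked : "rejected");
    }
    return 0;
}
```

Software that passes a caller-supplied service name to pam_start() can apply the same single-component test itself before the call, independent of the PAM library version installed.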