Relevant BUGIDs: 667584 664290

Purpose of commit: bugfix Commit summary: --------------- Two bug fixes in one: don't trust getlogin() and sanely lower the time the password databases are locked in pam_unix.
author: Andrew G. Morgan <morgan@kernel.org> 2003-01-14 05:43:07 +0000
committer: Andrew G. Morgan <morgan@kernel.org> 2003-01-14 05:43:07 +0000
commit: 7050b307e9e712471d987e0c5f8dd1cb2260511c (patch)
tree: 5bf06d87cc804cb3255e12d0cb1b47064a2d1755 /CHANGELOG
parent: 2b71955aec63541e4b071c12eae9fba76e7085fa (diff)
1 files changed, 10 insertions, 0 deletions
diff --git a/CHANGELOG b/CHANGELOG
index ddcca978..b20bb87f 100644
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -55,6 +55,16 @@ bug report - outstanding bugs are listed here:
 0.78: please submit patches for this section with actual code/doc
       patches!
 
+* pam_unix: severe denial of service possible with this module since
+  it locked too aggressively. Bug report and testing help from Sascha
+  Loetz. (Bug 664290 - agmorgan)
+* getlogin was spoofable: "/tmp/" and "/dev/" have the same number of
+  characters, so 'ln /dev/tty /tmp/tty1 ; bash < /tmp/tty1 ; logname'
+  attacks could potentially spoof pam_wheel with the 'trust' module
+  argument into granting access to a luser. Also, pam_unix gave
+  odd error messages in such a situation (logname != uid). This
+  problem was found by David Endler of iDefense.com (Bug 667584 -
+  agmorgan).
 * added my new DSA public key to the pgp.keys.asc file. Also included
   a signed copy of my new public key (1024D/D41A6DF2) made with my old
   key (1024/2A398175).
author	Andrew G. Morgan <morgan@kernel.org>	2003-01-14 05:43:07 +0000
committer	Andrew G. Morgan <morgan@kernel.org>	2003-01-14 05:43:07 +0000
commit	7050b307e9e712471d987e0c5f8dd1cb2260511c (patch)
tree	5bf06d87cc804cb3255e12d0cb1b47064a2d1755 /CHANGELOG
parent	2b71955aec63541e4b071c12eae9fba76e7085fa (diff)