diff options
| author | Sam Hartman <hartmans@debian.org> | 2021-02-01 16:40:25 -0500 |
|---|---|---|
| committer | Steve Langasek <steve.langasek@canonical.com> | 2021-09-15 17:52:35 -0700 |
| commit | 7dec8233c6ce514187804f58e8489c8e819f478a (patch) | |
| tree | 6b308fec75db1b94d874440889991bee42062405 /debian/changelog | |
| parent | 3c8e0c11da150a11efdd9b6f0978ac331605d52b (diff) | |
patches-applied/pam_mkhomedir_stat_before_opendir: Stat the skeleton directory before opendir
According to https://bugs.debian.org/834589 there are cases where the
kernel will not permit opendir before stat of the enclosing directory.
In the described case it was autofs, but I can see various filesystems
that mount a network namespace doing the same thing trying to prevent
excessive network traffic from a tree traversal. Statting the autofs
entry before opendir causes it to work.
Diffstat (limited to 'debian/changelog')
| -rw-r--r-- | debian/changelog | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/debian/changelog b/debian/changelog index 29abc9b5..f99a71ee 100644 --- a/debian/changelog +++ b/debian/changelog @@ -5,6 +5,8 @@ pam (1.4.0-3) UNRELEASED; urgency=medium Closes: #978601 [ Sam Hartman ] + * patches-applied/pam_mkhomedir_stat_before_opendir: Stat the skeleton + directory before opendir, Closes: #834589 * libpam-modules.install: Install pam_faillock binaries, Closes: #981092 * debian/patches-applied/pam_unix_initialize_daysleft : Initialize days before password expire, Closes: #980285 * pam-configs/unix: Default to yescript rather than sha512. From a theoretical security standpoint, it looks like yescript has similar security properties, assuming (as we typically do in the crypto protocol community) that sha256 is still reasonable. However, in terms of practical resistant to password cracking, particularly in terms of valuing space complexity as well as time complexity, yescript is superior, Closes: #978553 |