path: root/modules/pam_umask
author: Dmitry V. Levin <ldv@altlinux.org> 2014-03-26 22:17:23 +0000
committer: Dmitry V. Levin <ldv@altlinux.org> 2014-03-26 22:17:23 +0000
commit: 9dcead87e6d7f66d34e7a56d11a30daca367dffb
tree: 27a38640b5de24d1cd42eff5fcdd80bbc2c2b5c1 /modules/pam_umask
parent: d332be7fa933f5424abee6c7e385f0de174603d2

pam_timestamp: fix potential directory traversal issue (ticket #27)

pam_timestamp uses values of PAM_RUSER and PAM_TTY as components of the timestamp pathname it creates, so extra care should be taken to avoid potential directory traversal issues.

* modules/pam_timestamp/pam_timestamp.c (check_tty): Treat "." and ".." tty values as invalid.
(get_ruser): Treat "." and ".." ruser values, as well as any ruser value containing '/', as invalid.

Fixes CVE-2014-2583.

Reported-by: Sebastian Krahmer <krahmer@suse.de>

Diffstat (limited to 'modules/pam_umask')
0 files changed, 0 insertions, 0 deletions
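
The component checks the commit message describes, as an added example that is not the code from this commit. The helper names, the `<dir>/<ruser>/<tty>` layout, the reduction of the tty to its last path element, the rejection of empty values and the `/tmp/ts-example` directory are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical helper: true for NULL, "", "." and "..". */
static int is_bad_name(const char *s)
{
    return s == NULL || *s == '\0' ||
           strcmp(s, ".") == 0 || strcmp(s, "..") == 0;
}

/* ruser: ".", ".." and any value containing '/' are invalid. */
static const char *safe_ruser(const char *ruser)
{
    if (is_bad_name(ruser) || strchr(ruser, '/') != NULL)
        return NULL;
    return ruser;
}

/* tty: keep only the last path element (assumption), then treat
 * "." and ".." as invalid. */
static const char *safe_tty(const char *tty)
{
    const char *base;
    if (tty == NULL)
        return NULL;
    base = strrchr(tty, '/');
    base = base ? base + 1 : tty;
    return is_bad_name(base) ? NULL : base;
}

/* Build "<dir>/<ruser>/<tty>" (assumed layout). Returns 0 on success,
 * -1 if a component is invalid or the result does not fit in `out`. */
static int build_timestamp_path(const char *dir, const char *ruser,
                                const char *tty, char *out, size_t outlen)
{
    const char *r = safe_ruser(ruser), *t = safe_tty(tty);
    int n;
    if (r == NULL || t == NULL)
        return -1;
    n = snprintf(out, outlen, "%s/%s/%s", dir, r, t);
    return (n < 0 || (size_t)n >= outlen) ? -1 : 0;
}

int main(void)
{
    char path[256]; /* sample values below are constructed */
    if (build_timestamp_path("/tmp/ts-example", "alice", "/dev/pts/3", path, sizeof path) == 0)
        puts(path);
    return build_timestamp_path("/tmp/ts-example", "../root", "tty1", path, sizeof path) == -1 ? 0 : 1;
}
```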