granicus.if.org Git - linux-pam/commit - modules/pam_unix/pam_unix

author	Andrew G. Morgan <morgan@kernel.org>
	Sun, 11 Feb 2001 06:33:53 +0000 (06:33 +0000)
committer	Andrew G. Morgan <morgan@kernel.org>
	Sun, 11 Feb 2001 06:33:53 +0000 (06:33 +0000)
commit	4e4d6bb78e3bd6430838d854832c58f104d5f559
tree	9f3223c9b38717da4db165ad13720367c76b6fbf	tree \| snapshot
parent	25188cef4bd88edeb68c1bd3c7b54c38e18ad151	commit \| diff

Relevant BUGIDs: 112540

Purpose of commit: minor security bugfix

Commit summary:
---------------
Fixes for the password helper binaries.
Before, there was no check that the password entered was actually that
of the intended user being authenticated. Instead, the password was
checked for the requesting user. While this disstinction sounds like a
security hole, its actually not been a problem in practice. The helper
binaries have only been used in the case that the application is not
setuid-0 and as such even if an improper authentication succeeded, the
application could not change its uid from that of the requesting user.

CHANGELOG		diff \| blob \| history
modules/pam_pwdb/pwdb_chkpwd.c		diff \| blob \| history
modules/pam_pwdb/support.-c		diff \| blob \| history
modules/pam_unix/Makefile		diff \| blob \| history
modules/pam_unix/pam_unix_passwd.c		diff \| blob \| history
modules/pam_unix/support.c		diff \| blob \| history
modules/pam_unix/unix_chkpwd.c		diff \| blob \| history