* src/login.c: Added comment to make sure PAM_RHOST or PAM_TTY do

author nekral-guest <nekral-guest@5a98b0ae-9ef6-0310-add3-de5d479b70d7>

Sun, 19 Apr 2009 13:33:24 +0000 (13:33 +0000)

committer nekral-guest <nekral-guest@5a98b0ae-9ef6-0310-add3-de5d479b70d7>

Sun, 19 Apr 2009 13:33:24 +0000 (13:33 +0000)
author nekral-guest <nekral-guest@5a98b0ae-9ef6-0310-add3-de5d479b70d7>
Sun, 19 Apr 2009 13:33:24 +0000 (13:33 +0000)
committer nekral-guest <nekral-guest@5a98b0ae-9ef6-0310-add3-de5d479b70d7>
Sun, 19 Apr 2009 13:33:24 +0000 (13:33 +0000)
diff --git a/ChangeLog b/ChangeLog

index 0d5e41415465c0d73acc95805e70312d37de1180..f99b651fae11b6f5d530b79ac5e0ca935bf8231d 100644 (file)
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,8 @@
+2009-04-19  Nicolas François  <nicolas.francois@centraliens.net>
+
+       * src/login.c: Added comment to make sure PAM_RHOST or PAM_TTY do
+       not get set to unsanitized values.
+
  2009-04-17  Paul Szabo  <psz@maths.usyd.edu.au>
  
         * NEWS, src/login.c: Do not trust the current utmp entry's ut_line
diff --git a/src/login.c b/src/login.c

index afa1876cc798aec77ba046abb0493c800e43072f..94614a4f14a407e8d135a081fdb05f057f971047 100644 (file)
--- a/src/login.c
+++ b/src/login.c
@@ -657,6 +657,9 @@ int main (int argc, char **argv)
          * hostname & tty are either set to NULL or their correct values,
          * depending on how much we know. We also set PAM's fail delay to
          * ours.
+        *
+        * PAM_RHOST and PAM_TTY are used for authentication, only use
+        * information coming from login or from the caller (e.g. no utmp)
          */
         retcode = pam_set_item (pamh, PAM_RHOST, hostname);
         PAM_FAIL_CHECK;
author	nekral-guest <nekral-guest@5a98b0ae-9ef6-0310-add3-de5d479b70d7>
	Sun, 19 Apr 2009 13:33:24 +0000 (13:33 +0000)
committer	nekral-guest <nekral-guest@5a98b0ae-9ef6-0310-add3-de5d479b70d7>
	Sun, 19 Apr 2009 13:33:24 +0000 (13:33 +0000)
ChangeLog		patch \| blob \| history
src/login.c		patch \| blob \| history