From: nekral-guest Date: Sun, 19 Apr 2009 13:33:24 +0000 (+0000) Subject: * src/login.c: Added comment to make sure PAM_RHOST or PAM_TTY do X-Git-Tag: 4.1.4~174 X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=8156c3b0befd71cab31fca48f1ea4b0aca6a7302;p=shadow * src/login.c: Added comment to make sure PAM_RHOST or PAM_TTY do not get set to unsanitized values. --- diff --git a/ChangeLog b/ChangeLog index 0d5e4141..f99b651f 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,8 @@ +2009-04-19 Nicolas François + + * src/login.c: Added comment to make sure PAM_RHOST or PAM_TTY do + not get set to unsanitized values. + 2009-04-17 Paul Szabo * NEWS, src/login.c: Do not trust the current utmp entry's ut_line diff --git a/src/login.c b/src/login.c index afa1876c..94614a4f 100644 --- a/src/login.c +++ b/src/login.c @@ -657,6 +657,9 @@ int main (int argc, char **argv) * hostname & tty are either set to NULL or their correct values, * depending on how much we know. We also set PAM's fail delay to * ours. + * + * PAM_RHOST and PAM_TTY are used for authentication, only use + * information coming from login or from the caller (e.g. no utmp) */ retcode = pam_set_item (pamh, PAM_RHOST, hostname); PAM_FAIL_CHECK;