Comments on C-skills: openpam trickery

Anonymous, 2011-11-21T08:31:51.220-08:00:
Changesets 496 and 497 (http://trac.des.no/openpam/changeset?old_path=%2Ftrunk&old=495&new_path=%2Ftrunk&new=497) should further improve matters.

Anonymous, 2011-11-21T00:02:16.482-08:00:
BTW, I'd like your opinion on this patch (http://trac.des.no/openpam/changeset/493), which should alleviate the issue. I'm considering introducing similar restrictions on policy files.

Sebastian, 2011-11-20T23:59:14.827-08:00:
Hi DES,

Indeed that's a point. Actually such vulnerabilities exist because it's unclear who is responsible for input cleaning.
FWIW, the same bug exists in squid and squid3 package.

Anonymous, 2011-11-19T17:21:32.707-08:00:
The bug is in kcheckpass, not in OpenPAM. It should not allow the user to specify which policy to use.

BTW, I'm pretty sure FreeBSD's libpam maintainer is aware of recent changes in OpenPAM, but he has a policy of only importing official releases unless there is a critical bug that needs fixing.