On 21-Aug-2008, Julien Cristau wrote:
> This is wrong. screen has no way to know that unix_chkpwd
> segfaulted.
> It's indeed a different bug, but it's still in pam.

On 20-Aug-2008, Steve Langasek wrote:
> On Thu, Aug 21, 2008 at 01:46:40PM +1000, Ben Finney wrote:
> > However, screen's behaviour in this instance is also buggy and
> > insecure: i.e., that screen treats "segfault in pam_authenticate"
> > as "successful authentication".
>
> No, there is no error in screen that I've found. I would have done
> this clone/reassign myself if I had been able to find one. The
> failure is that, when the child process that was spawned for
> unix_chkpwd dies with a signal, pam_unix itself returns PAM_SUCCESS.
>
> Julien Cristau has already worked on a patch for this, which is now
> in my possession and will be forwarded upstream when I get a chance.

Okay, thanks to both of you for fixing this appropriately.

-- 
 \     "Success is going from one failure to the next without a loss |
  `\                              of enthusiasm." -- Winston Churchill |
_o__)                                                                  |
Ben Finney <[EMAIL PROTECTED]>
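The failure mode discussed in this thread (a helper child dying with a signal being reported as success) as an added example that is not part of the original messages and is not pam_unix's code or Julien Cristau's patch. The names `run_helper`, `naive_result`, `strict_result` and the `AUTH_*` codes are hypothetical; `naive_result` shows one way such a fail-open result can arise, and `strict_result` is the fail-closed check.

```c
#include <signal.h>
#include <stdio.h>
#include <sys/resource.h>
#include <sys/wait.h>
#include <unistd.h>

enum { AUTH_OK = 0, AUTH_FAIL = 1 };  /* hypothetical result codes */
enum helper_mode { HELPER_ACCEPT, HELPER_REJECT, HELPER_CRASH };

/* Fork a stand-in password helper (constructed); return its raw wait status, or -1. */
int run_helper(enum helper_mode mode)
{
    int status;
    pid_t pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {
        if (mode == HELPER_CRASH) {
            struct rlimit no_core = { 0, 0 };
            setrlimit(RLIMIT_CORE, &no_core);  /* do not leave a core file */
            signal(SIGSEGV, SIG_DFL);
            raise(SIGSEGV);                    /* die by signal, as a segfault would */
        }
        _exit(mode == HELPER_ACCEPT ? 0 : 1);
    }
    return waitpid(pid, &status, 0) == pid ? status : -1;
}

/* Fail-open: reads the exit code without checking that the child exited. */
int naive_result(int status)
{
    return WEXITSTATUS(status) == 0 ? AUTH_OK : AUTH_FAIL;
}

/* Fail-closed: only a normal exit with code 0 counts as success. */
int strict_result(int status)
{
    if (status == -1 || !WIFEXITED(status))
        return AUTH_FAIL;
    return WEXITSTATUS(status) == 0 ? AUTH_OK : AUTH_FAIL;
}

int main(void)
{
    int st = run_helper(HELPER_CRASH);
    printf("crashed helper: naive=%d strict=%d\n", naive_result(st), strict_result(st));
    return 0;
}
```

The exit-code bits of a wait status are only meaningful when `WIFEXITED` is true, which is why the caller has to test it before trusting `WEXITSTATUS`.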

