On Tue, Aug 25, 2009 at 07:13:55PM -0400, Michael Spang wrote: > I see two solutions:
> 1. Use setgid(getgid()) as suggested in the patch. This closely > matches upstream. We'll end up returning PAM_AUTHINFO_UNAVAIL > after getspnam() is called. What testing have you done of this approach? I agree that this appears to be the right thing to do, and it holds up to my own analysis but it would be great to have some empirical confirmation before I make the change. Thanks, -- Steve Langasek Give me a lever long enough and a Free OS Debian Developer to set it on, and I can move the world. Ubuntu Developer http://www.debian.org/ slanga...@ubuntu.com vor...@debian.org
signature.asc
Description: Digital signature
