cvs commit: src/libexec/rexecd rexecd.c
Jacques Vidrine
nectar at FreeBSD.org
Sun Mar 27 05:59:44 PST 2005
nectar 2005-03-27 13:59:44 UTC
FreeBSD src repository
Modified files:
libexec/rexecd rexecd.c
Log:
When PAM support was added to rexecd in revision 1.29 (just prior to
5.0-RELEASE), a visually elusive bug was introduced. A comparison
operator was changed to assignment. As a result, rexecd behaved
always as if the `-i' option had been specified. It would allow root
logins. This commit corrects the situation in the obvious way.
A separate bug was introduced at the same time. The PAM library
functions are called between the invocation of getpwnam(3) and the use
of the returned static object. Since many PAM library functions
result in additional getpwnam(3) calls, the contents of the returned
static object could be changed from under rexecd. With this commit,
getpwnam_r(3) is used instead.
Other PAM-using applications should be reviewed for similar errors in
getpw* usage.
Security: rexecd's documented default policy of disallowing root
logins was not enforced.
Reviewed by: cperciva
Revision Changes Path
1.37 +17 -2 src/libexec/rexecd/rexecd.c
More information about the cvs-src
mailing list