[Bug 194604] New: [libpam] [patch] pam_unix doesn't allow validation of own password

bugzilla-noreply at freebsd.org bugzilla-noreply at freebsd.org
Sun Oct 26 05:42:42 UTC 2014


https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=194604

            Bug ID: 194604
           Summary: [libpam] [patch] pam_unix doesn't allow validation of
                    own password
           Product: Base System
           Version: 11.0-CURRENT
          Hardware: Any
                OS: Any
            Status: Needs Triage
          Severity: Affects Some People
          Priority: ---
         Component: bin
          Assignee: freebsd-bugs at FreeBSD.org
          Reporter: conrad.meyer at isilon.com

Created attachment 148656
  --> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=148656&action=edit
(Apply with -p1; diff against r273647.)

Linux-PAM provides this functionality via a setuid helper program, and programs
have come to depend on it. In particular, enlightenment desktop's lock screen
uses this feature to allow unlocking. You could argue this is a bug in
enlightenment, but I'm not sure we'd prefer more ports shipping setuid helpers
instead of providing one standard one.

I don't see the harm in presenting the additional functionality, and it means
more Linux programs work on FreeBSD.

I have attempted to keep the setuid helper quite simple and keep the attack
surface small.

This helper only facilitates authentication, and like pam_unix, does not
validate account expiration time.
