[Bug 194604] New: [libpam] [patch] pam_unix doesn't allow validation of own password
bugzilla-noreply at freebsd.org
bugzilla-noreply at freebsd.org
Sun Oct 26 05:42:42 UTC 2014
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=194604
Bug ID: 194604
Summary: [libpam] [patch] pam_unix doesn't allow validation of
own password
Product: Base System
Version: 11.0-CURRENT
Hardware: Any
OS: Any
Status: Needs Triage
Severity: Affects Some People
Priority: ---
Component: bin
Assignee: freebsd-bugs at FreeBSD.org
Reporter: conrad.meyer at isilon.com
Created attachment 148656
--> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=148656&action=edit
(Apply with -p1; diff against r273647.)
Linux-PAM provides this functionality via a setuid helper program, and programs
have come to depend on it. In particular, enlightenment desktop's lock screen
uses this feature to allow unlocking. You could argue this is a bug in
enlightenment, but I'm not sure we'd prefer more ports shipping setuid helpers
instead of providing one standard one.
I don't see the harm in presenting the additional functionality, and it means
more Linux programs work on FreeBSD.
I have attempted to keep the setuid helper quite simple and keep the attack
surface small.
This helper only facilitates authentication, and like pam_unix, does not
validate account expiration time.
--
You are receiving this mail because:
You are the assignee for the bug.
More information about the freebsd-bugs
mailing list