
Re: bunch of questions: pam_unix implementation... (long)



Solar Designer wrote:

> [ I've added the security-audit list to the CC:, as most of my
> answers are to security-related questions. ]
>
> > 1.c. It would be nice if we could determine _why_ the shadow entry is
> > unavailable. If getspnam() returns NULL, what is the cause?  Maybe it
> > just does not exist,
>
> Yes, and the same applies to other get{pw,sp}* functions.  In
> particular, don't repeat the mistake of pam_unix and libpwdb where
> they assume that a NULL return from fgetpwent() and fgets() means
> EOF.  Both can lose data when updating the password file.
>
> I have a patch for this (and other potential issues) for libpwdb, it
> is to use ferror() after fgets().  I'm afraid there's no portable
> solution for the case of using fgetpwnam(), so you should probably
> avoid it when re-writing the password file.
>

I would like to know where to obtain this patch for libpwdb. Excuse me if the
info I am looking for is obvious; I am new to this mailing list.
Thanks

___
Pete O'Hara
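
The ferror()-after-fgets() check discussed in the quoted message, as an added example (this is not the libpwdb patch, which is not shown on this page). The function names, return codes and the sample passwd lines are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

enum { COPY_OK = 0, COPY_READ_ERR = -1, COPY_WRITE_ERR = -2, COPY_LONG_LINE = -3 };

/* Copy a passwd-style file line by line, as a rewrite of the file would.
 * fgets() returns NULL at end-of-file and on a failed read; only ferror()
 * tells them apart. On a non-zero result, discard the partial copy. */
int copy_passwd_lines(FILE *in, FILE *out, size_t *nlines)
{
    char buf[1024];
    *nlines = 0;
    while (fgets(buf, sizeof buf, in) != NULL) {
        size_t len = strlen(buf);
        /* Full buffer, no newline: line longer than buf, refuse it. */
        if (len == sizeof buf - 1 && buf[len - 1] != '\n')
            return COPY_LONG_LINE;
        if (fputs(buf, out) == EOF)
            return COPY_WRITE_ERR;
        (*nlines)++;
    }
    if (ferror(in))                 /* NULL was an I/O error, not EOF */
        return COPY_READ_ERR;
    return fflush(out) == EOF ? COPY_WRITE_ERR : COPY_OK;
}

/* Demo driver. fail == 0: two constructed entries in a temporary file.
 * fail != 0: a stream opened on a directory, where read() fails and
 * fgets() returns NULL just as it would at EOF. */
int demo_copy(int fail, size_t *nlines)
{
    FILE *in = fail ? fopen("/", "r") : tmpfile();
    FILE *out = tmpfile();
    if (in == NULL || out == NULL) return -100;
    if (!fail) {
        fputs("root:x:0:0::/root:/bin/sh\nalice:x:1000:1000::/home/alice:/bin/sh\n", in);
        rewind(in);
    }
    int rc = copy_passwd_lines(in, out, nlines);
    fclose(in);
    fclose(out);
    return rc;
}
int main(void)
{
    size_t n;
    int ok = demo_copy(0, &n), bad = demo_copy(1, &n);
    printf("clean copy rc=%d, failed read rc=%d\n", ok, bad);
    return 0;
}
```

A caller that treated the NULL in the failing case as EOF would see an apparently complete, shorter file and could rename it over the original, which is the data loss the quoted message warns about.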






