[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Loosening file checks--a good idea?



One area in which Debian's PAM differs from the CVS mainline is that
we have applied a few patches to loosen file checks.  In particular,
for pam_rhosts, we allow .rhosts to be a symlink; similarly we allow
the file for pam_listfile to be a symlink.

It's my opinion that Debian actually shouldn't have done this as a
local change; too gratuitous of a difference.  So I'm asking what
people think about allowing symlinks in the upstream sources.

My personal opinion is that symlinks should not be allowed for .rhosts
because ruserok is documented (at least on Linux) not to allow them.

I think that allowing symlinks for pam_listfile is fine and
potentially useful.





[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index] []