8f12f32e0d
5.0-RELEASE), a visually elusive bug was introduced. A comparison operator was changed to assignment. As a result, rexecd behaved always as if the `-i' option had been specified. It would allow root logins. This commit corrects the situation in the obvious way. A separate bug was introduced at the same time. The PAM library functions are called between the invocation of getpwnam(3) and the use of the returned static object. Since many PAM library functions result in additional getpwnam(3) calls, the contents of the returned static object could be changed from under rexecd. With this commit, getpwnam_r(3) is used instead. Other PAM-using applications should be reviewed for similar errors in getpw* usage. Security: rexecd's documented default policy of disallowing root logins was not enforced. Reviewed by: cperciva |
||
---|---|---|
.. | ||
Makefile | ||
rexecd.8 | ||
rexecd.c |