cvs commit: src/libexec/rexecd rexecd.c
Dag-Erling Smørgrav
des at des.no
Mon Apr 4 06:12:14 PDT 2005
Jacques Vidrine <nectar at FreeBSD.org> writes:
> A separate bug was introduced at the same time. The PAM library
> functions are called between the invocation of getpwnam(3) and the use
> of the returned static object. Since many PAM library functions
> result in additional getpwnam(3) calls, the contents of the returned
> static object could be changed from under rexecd. With this commit,
> getpwnam_r(3) is used instead.
This is incorrect, because PAM may change the login name, so the
struct passwd you got before calling PAM might not be the one you
actually need. The simplest fix is to revert this patch and instead
add
    pam_get_item(pamh, PAM_USER, &user);
    pwd = getpwnam(user);
after the PAM transaction.
DES
--
Dag-Erling Smørgrav - des at des.no
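
The ordering problem discussed in this thread, as an added example that is not part of the mail or of rexecd: it compares holding the getpwnam(3) pointer across the transaction, taking a getpwnam_r(3) copy beforehand, and looking the user up afterwards. fake_pam_transaction() is a hypothetical stand-in for the PAM calls, and the demo assumes the passwd database has a "root" entry and at least one other account.

```c
#define _XOPEN_SOURCE 700
#include <pwd.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for the PAM transaction: like many PAM modules it
 * calls getpwnam(3) itself, and it maps the login to another account. */
static const char *fake_pam_transaction(const char *mapped) {
    (void)getpwnam(mapped);  /* overwrites getpwnam's static result */
    return mapped;           /* what pam_get_item(PAM_USER) would yield */
}

/* Pick any account other than `skip` so the demo has a second name. */
int other_account(const char *skip, char *out, size_t n) {
    struct passwd *p;
    setpwent();
    while ((p = getpwent()) != NULL && strcmp(p->pw_name, skip) == 0) continue;
    if (p != NULL) snprintf(out, n, "%s", p->pw_name);
    endpwent();
    return p != NULL ? 0 : -1;
}

/* Pointer held across the transaction: 1 if it no longer names `req`. */
int stale_static(const char *req, const char *mapped) {
    struct passwd *pwd = getpwnam(req);
    if (pwd == NULL) return -1;
    fake_pam_transaction(mapped);
    return strcmp(pwd->pw_name, req) != 0;
}

/* getpwnam_r copy taken first: 1 if it disagrees with the final user. */
int copy_before(const char *req, const char *mapped) {
    struct passwd pw, *res;
    char buf[4096];
    if (getpwnam_r(req, &pw, buf, sizeof buf, &res) != 0 || !res) return -1;
    return strcmp(pw.pw_name, fake_pam_transaction(mapped)) != 0;
}

/* Order proposed in the mail, lookup after the transaction: 0 on match. */
int lookup_after(const char *mapped) {
    const char *user = fake_pam_transaction(mapped);
    struct passwd *pwd = getpwnam(user);
    return pwd == NULL ? -1 : strcmp(pwd->pw_name, user) != 0;
}

int main(void) {
    char o[256];
    if (other_account("root", o, sizeof o) != 0) return 1;
    printf("%d %d %d\n", stale_static("root", o), copy_before("root", o), lookup_after(o));
}
```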