Date:      Wed, 6 Feb 2002 06:29:25 -0600
From:      "Jacques A. Vidrine" <n@nectar.cc>
To:        Mark Murray <mark@grondar.za>
Cc:        "Andrey A. Chernov" <ache@nagual.pp.ru>, des@FreeBSD.org, cvs-committers@FreeBSD.org, cvs-all@FreeBSD.org
Subject:   Re: cvs commit: src/lib/libpam/modules/pam_unix pam_unix.c
Message-ID:  <20020206122925.GD53286@madman.nectar.cc>
In-Reply-To: <200202052219.g15MJhs32408@greenpeace.grondar.org>
References:  <20020205214703.GA8579@nagual.pp.ru> <200202052219.g15MJhs32408@greenpeace.grondar.org>

On Tue, Feb 05, 2002 at 10:19:38PM +0000, Mark Murray wrote:
> > On Tue, Feb 05, 2002 at 23:59:08 +0300, Andrey A. Chernov wrote:
> > 
> > > It is OK at this point, but broken _after_ PAM called.
> > > Let's imagine srandom(33) produces this hypothetical sequence for random()
> > > calls:
> > 
> > To see the bug, run the following test application with "call_pam" set to 1
> > and 0
> 
> The bug is doing userland stuff before the authentication IMO.

No, the bug is in the usage of srandom/random by what for all purposes
is implementation code.

C99 spells out quite clearly for srand/rand that these functions shall
behave as if the implementation never calls them.  I cannot find such
a requirement in POSIX for srandom/random, but POLA dictates that the
same semantics apply.

Cheers,
-- 
Jacques A. Vidrine <n@nectar.cc>                 http://www.nectar.cc/
NTT/Verio SME          .     FreeBSD UNIX     .       Heimdal Kerberos
jvidrine@verio.net     .  nectar@FreeBSD.org  .          nectar@kth.se
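
The effect discussed in this message, as an added example that is not part of the original e-mail or of the FreeBSD source: an application seeds with srandom(33) and draws from random(), with and without a library call in between. The routines lib_call_shared and lib_call_private, the seed 12345 and the helper third_draw are hypothetical names and constructed values; passing NULL plays the role of call_pam = 0.

```c
#ifndef _XOPEN_SOURCE
#define _XOPEN_SOURCE 600  /* expose random(), srandom(), initstate(), setstate() */
#endif
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical library routine: reseeds the process-wide generator for its
 * own use, which is the behaviour the message above calls a bug. */
static long lib_call_shared(void)
{
    srandom(12345u);               /* constructed seed; overwrites the caller's state */
    return random();
}

/* Same routine, but it draws from a private state array and switches back to
 * the caller's state before returning, so the caller sees no side effect. */
static long lib_call_private(void)
{
    static long priv[32];          /* long[] keeps the state array aligned */
    char *caller = initstate(12345u, (char *)priv, sizeof priv);
    long v = random();
    setstate(caller);              /* resume the caller's sequence where it stopped */
    return v;
}

/* Application side: seed with 33, draw twice, optionally call into the
 * library (lib == NULL plays the role of call_pam = 0), return the third draw. */
static long third_draw(long (*lib)(void))
{
    srandom(33u);
    (void)random();
    (void)random();
    if (lib != NULL)
        (void)lib();
    return random();
}

int main(void)
{
    printf("no library call: %ld\n", third_draw(NULL));
    printf("shared state:    %ld\n", third_draw(lib_call_shared));
    printf("private state:   %ld\n", third_draw(lib_call_private));
    return 0;
}
```

The private-state variant still touches the process-global generator between initstate() and setstate(), so it is not safe against concurrent random() calls from other threads; library code that never calls srandom/random at all avoids the problem entirely.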
