Date:      Sun, 26 Oct 2014 05:42:42 +0000
From:      bugzilla-noreply@freebsd.org
To:        freebsd-bugs@FreeBSD.org
Subject:   [Bug 194604] New: [libpam] [patch] pam_unix doesn't allow validation of own password
Message-ID:  <bug-194604-8@https.bugs.freebsd.org/bugzilla/>

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=194604

            Bug ID: 194604
           Summary: [libpam] [patch] pam_unix doesn't allow validation of
                    own password
           Product: Base System
           Version: 11.0-CURRENT
          Hardware: Any
                OS: Any
            Status: Needs Triage
          Severity: Affects Some People
          Priority: ---
         Component: bin
          Assignee: freebsd-bugs@FreeBSD.org
          Reporter: conrad.meyer@isilon.com

Created attachment 148656
  --> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=148656&action=edit
(Apply with -p1; diff against r273647.)

Linux-PAM provides this functionality via a setuid helper program, and programs
have come to depend on it. In particular, Enlightenment desktop's lock screen
uses this feature to allow unlocking. You could argue this is a bug in
Enlightenment, but I'm not sure we'd prefer more ports shipping setuid helpers
instead of providing one standard one.

I don't see the harm in presenting the additional functionality, and it means
more Linux programs work on FreeBSD.

I have attempted to keep the setuid helper quite simple and keep the attack
surface small.

This helper only facilitates authentication, and like pam_unix, does not
validate account expiration time.
