From owner-cvs-src  Sat Feb 15 15:44:14 2003
Delivered-To: cvs-src@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP
	id 70F8537B405; Sat, 15 Feb 2003 15:44:09 -0800 (PST)
Received: from nagual.pp.ru (pobrecita.freebsd.ru [194.87.13.42])
	by mx1.FreeBSD.org (Postfix) with ESMTP
	id 4093243F85; Sat, 15 Feb 2003 15:44:08 -0800 (PST)
	(envelope-from ache@pobrecita.freebsd.ru)
Received: from pobrecita.freebsd.ru (ache@localhost [127.0.0.1])
	by nagual.pp.ru (8.12.7/8.12.7) with ESMTP id h1FNi7EJ072473;
	Sun, 16 Feb 2003 02:44:07 +0300 (MSK)
	(envelope-from ache@pobrecita.freebsd.ru)
Received: (from ache@localhost)
	by pobrecita.freebsd.ru (8.12.7/8.12.6/Submit) id h1FNi6dn072472;
	Sun, 16 Feb 2003 02:44:06 +0300 (MSK)
	(envelope-from ache)
Date: Sun, 16 Feb 2003 02:44:06 +0300
From: "Andrey A. Chernov" <ache@nagual.pp.ru>
To: Dag-Erling Smorgrav <des@FreeBSD.org>
Cc: src-committers@FreeBSD.org, cvs-src@FreeBSD.org,
	cvs-all@FreeBSD.org
Subject: Re: cvs commit: src/lib/libpam/modules/pam_opieaccess pam_opieaccess.c
Message-ID: <20030215234406.GD72156@nagual.pp.ru>
References: <200302152326.h1FNQnAr027546@repoman.freebsd.org> <20030215233943.GC72156@nagual.pp.ru>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <20030215233943.GC72156@nagual.pp.ru>
User-Agent: Mutt/1.5.1i
Sender: owner-cvs-src@FreeBSD.ORG
Precedence: bulk
List-ID: <cvs-src.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20cvs-src>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20cvs-src>
X-Loop: FreeBSD.ORG

On Sun, Feb 16, 2003 at 02:39:43 +0300, Andrey A. Chernov wrote:
> On Sat, Feb 15, 2003 at 15:26:49 -0800, Dag-Erling Smorgrav wrote:
> > des         2003/02/15 15:26:49 PST
> > 
> >   Modified files:
> >     lib/libpam/modules/pam_opieaccess pam_opieaccess.c 
> >   Log:
> >   Assume "localhost" if no remote host was specified.  This is safe from a
> >   POLA point of view since the stock /etc/opieaccess now allows localhost.
> 
> There is no needs to explicately allow localhost in /etc/opieaccess. It is
> already works by default, as designed, see OPIE code. Your this and 
> /etc/opieaccess changes breaks POLA.

 
Look at this code from accessfile.c:
 if (!host[0])
    /* Local login, okay */
    return (1);
 

-- 
Andrey A. Chernov
http://ache.pp.ru/

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe cvs-src" in the body of the message