Date: Sun, 16 Feb 2003 02:44:06 +0300 From: "Andrey A. Chernov" <ache@nagual.pp.ru> To: Dag-Erling Smorgrav <des@FreeBSD.org> Cc: src-committers@FreeBSD.org, cvs-src@FreeBSD.org, cvs-all@FreeBSD.org Subject: Re: cvs commit: src/lib/libpam/modules/pam_opieaccess pam_opieaccess.c Message-ID: <20030215234406.GD72156@nagual.pp.ru> In-Reply-To: <20030215233943.GC72156@nagual.pp.ru> References: <200302152326.h1FNQnAr027546@repoman.freebsd.org> <20030215233943.GC72156@nagual.pp.ru>
next in thread | previous in thread | raw e-mail | index | archive | help
On Sun, Feb 16, 2003 at 02:39:43 +0300, Andrey A. Chernov wrote:
> On Sat, Feb 15, 2003 at 15:26:49 -0800, Dag-Erling Smorgrav wrote:
> > des 2003/02/15 15:26:49 PST
> >
> > Modified files:
> > lib/libpam/modules/pam_opieaccess pam_opieaccess.c
> > Log:
> > Assume "localhost" if no remote host was specified. This is safe from a
> > POLA point of view since the stock /etc/opieaccess now allows localhost.
>
> There is no needs to explicately allow localhost in /etc/opieaccess. It is
> already works by default, as designed, see OPIE code. Your this and
> /etc/opieaccess changes breaks POLA.
Look at this code from accessfile.c:
if (!host[0])
/* Local login, okay */
return (1);
--
Andrey A. Chernov
http://ache.pp.ru/
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe cvs-all" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20030215234406.GD72156>