Date: Mon, 04 Apr 2005 15:12:09 +0200 From: des@des.no (=?iso-8859-1?q?Dag-Erling_Sm=F8rgrav?=) To: Jacques Vidrine <nectar@FreeBSD.org> Cc: cvs-all@FreeBSD.org Subject: Re: cvs commit: src/libexec/rexecd rexecd.c Message-ID: <86oecur8ie.fsf@xps.des.no> In-Reply-To: <200503271359.j2RDxiF9050487@repoman.freebsd.org> References: <200503271359.j2RDxiF9050487@repoman.freebsd.org>
next in thread | previous in thread | raw e-mail | index | archive | help
Jacques Vidrine <nectar@FreeBSD.org> writes: > A separate bug was introduced at the same time. The PAM library > functions are called between the invocation of getpwnam(3) and the use > of the returned static object. Since many PAM library functions > result in additional getpwnam(3) calls, the contents of the returned > static object could be changed from under rexecd. With this commit, > getpwnam_r(3) is used instead. This is incorrect, because PAM may change the login name, so the struct passwd you got before calling PAM might not be the one you actually need. The simplest fix is to revert this patch and instead add pam_get_item(pamh, PAM_USER, &user); pwd =3D getpwnam(user); after the PAM transaction. DES --=20 Dag-Erling Sm=F8rgrav - des@des.no
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?86oecur8ie.fsf>