Date: Thu, 25 Sep 2014 11:18:52 -0400 From: Brandon Allbery <allbery.b@gmail.com> To: Tim Daneliuk <tundra@tundraware.com> Cc: FreeBSD stable <freebsd-stable@freebsd.org>, Dimitry Andric <dim@freebsd.org>, =?UTF-8?Q?Dag=2DErling_Sm=C3=B8rgrav?= <des@freebsd.org> Subject: Re: 10.1 BETA2 World - Breaks saslauthd Message-ID: <CAKFCL4WX1gDJFLuJwvSKBX%2B0eKM4OwahXkDqEO84NqiY=eHDCw@mail.gmail.com> In-Reply-To: <542430EB.1040804@tundraware.com> References: <b492e700f57a52e21f7755e6d01bd863.squirrel@www.tundraware.com> <3DA4B666-AB81-4F25-ABAE-DDC163F41E20@FreeBSD.org> <542430EB.1040804@tundraware.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Thu, Sep 25, 2014 at 11:12 AM, Tim Daneliuk <tundra@tundraware.com> wrote: > Yup, that worked. Thanks! Now, for those of us less than smart, could > you explain why this was necessary in context of that MFC? > To me the implication is that before the MFC, PAM had a potentially quite severe security issue involving either incorrect fallback to a default configuration or not correctly handling error returns from a PAM stack --- either of which could result in unauthorized users being permitted access. -- brandon s allbery kf8nh sine nomine associates allbery.b@gmail.com ballbery@sinenomine.net unix, openafs, kerberos, infrastructure, xmonad http://sinenomine.net
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?CAKFCL4WX1gDJFLuJwvSKBX%2B0eKM4OwahXkDqEO84NqiY=eHDCw>