NetBSD/dist/openpam
drochner 8e6899dea3 Don't allow '/' characters in the "service" argument to pam_start()
The "service" is blindly appended to config directories ("/etc/pam.d/"),
and if a user can control the "service" it can get PAM to read config
files from any location.
This is not a problem with most software because the "service" is
usually a constant string. The check protects 3rd party software
from being abused.
(CVE-2011-4122)
2011-11-09 20:26:41 +00:00
bin
doc Bump date for previous. 2010-03-20 11:24:29 +00:00
include Apply r432 from openpam repository: 2010-03-19 18:16:14 +00:00
lib Don't allow '/' characters in the "service" argument to pam_start() 2011-11-09 20:26:41 +00:00
misc merge conflicts. Unfortunately openpam changed from $P4 -> $Id so there will 2008-01-27 01:22:55 +00:00
modules
CREDITS
HISTORY
INSTALL
LICENSE
Makefile.am
Makefile.in
README
RELNOTES
aclocal.m4
autogen.sh
compile
config.guess
config.h.in
config.sub
configure
configure.ac
depcomp
install-sh
ltmain.sh
missing

README

OpenPAM is an open source PAM library that focuses on simplicity,
correctness, and cleanliness.

OpenPAM aims to gather the best features of Solaris PAM, XSSO and
Linux-PAM, plus some innovations of its own.  In areas where these
implementations disagree, OpenPAM tries to remain compatible with
Solaris, at the expense of XSSO conformance and Linux-PAM
compatibility.

These are some of OpenPAM's features:

   - Implements the complete PAM API as described in the original PAM
     paper and in OSF-RFC 86.0; this corresponds to the full XSSO API
     except for mappings and secondary authentication.  Also
     implements some extensions found in Solaris 9.

   - Extends the API with several useful and time-saving functions.

   - Performs strict checking of return values from service modules.

   - Reads configuration from /etc/pam.d/, /etc/pam.conf,
     /usr/local/etc/pam.d/ and /usr/local/etc/pam.conf, in that order;
     this will be made configurable in a future release.

Please direct bug reports and inquiries to des@freebsd.org.

$Id: README,v 1.1.1.2 2008/01/27 00:54:48 christos Exp $
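
The service-name check described in the commit message at the top of this page, applied to the two pam.d directories the README lists, shown as an added C example (not OpenPAM's or NetBSD's code). The function names, the rejection of empty names and the sample service names are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Policy directories, in the order the README lists them. */
static const char *const policy_dirs[] = { "/etc/pam.d/", "/usr/local/etc/pam.d/" };
#define NDIRS (sizeof(policy_dirs) / sizeof(policy_dirs[0]))

/* Hypothetical helper: 1 if `service` may be used as a policy file name. */
int service_name_ok(const char *service)
{
    if (service == NULL || service[0] == '\0')   /* assumption: also reject empty */
        return 0;
    return strchr(service, '/') == NULL;         /* the check from the commit */
}

/* "Before" behaviour: the name is appended to the directory as-is. */
int policy_path_unchecked(size_t idx, const char *service, char *buf, size_t len)
{
    int n;

    if (idx >= NDIRS || service == NULL)
        return -1;
    n = snprintf(buf, len, "%s%s", policy_dirs[idx], service);
    return (n < 0 || (size_t)n >= len) ? -1 : 0; /* -1 on truncation */
}

/* "After" behaviour: refuse the name before any path is built. */
int policy_path(size_t idx, const char *service, char *buf, size_t len)
{
    if (!service_name_ok(service))
        return -1;
    return policy_path_unchecked(idx, service, buf, len);
}

int main(void)
{
    /* Constructed sample inputs. */
    const char *samples[] = { "login", "sshd", "../../tmp/policy", "/tmp/policy" };
    char path[256];
    size_t i;

    for (i = 0; i < sizeof(samples) / sizeof(samples[0]); i++) {
        if (policy_path(0, samples[i], path, sizeof(path)) == 0)
            printf("%-18s -> %s\n", samples[i], path);
        else
            printf("%-18s -> rejected\n", samples[i]);
    }
    return 0;
}
```

Callers that pass a constant service string are unaffected; the check matters for programs that derive the service name from user-controlled input.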