8e6899dea3
The "service" is blindly appended to config directories ("/etc/pam.d/"), and if a user can control the "service" it can get PAM to read config files from any location. This is not a problem with most software because the "service" is usually a constant string. The check protects 3rd party software from being abused. (CVE-2011-4122)

- bin
- doc
- include
- lib
- misc
- modules
- aclocal.m4
- autogen.sh
- compile
- config.guess
- config.h.in
- config.sub
- configure
- configure.ac
- CREDITS
- depcomp
- HISTORY
- INSTALL
- install-sh
- LICENSE
- ltmain.sh
- Makefile.am
- Makefile.in
- missing
- README
- RELNOTES

OpenPAM is an open source PAM library that focuses on simplicity, correctness, and cleanliness.

OpenPAM aims to gather the best features of Solaris PAM, XSSO and Linux-PAM, plus some innovations of its own. In areas where these implementations disagree, OpenPAM tries to remain compatible with Solaris, at the expense of XSSO conformance and Linux-PAM compatibility.

These are some of OpenPAM's features:

- Implements the complete PAM API as described in the original PAM paper and in OSF-RFC 86.0; this corresponds to the full XSSO API except for mappings and secondary authentication. Also implements some extensions found in Solaris 9.
- Extends the API with several useful and time-saving functions.
- Performs strict checking of return values from service modules.
- Reads configuration from /etc/pam.d/, /etc/pam.conf, /usr/local/etc/pam.d/ and /usr/local/etc/pam.conf, in that order; this will be made configurable in a future release.

Please direct bug reports and inquiries to des@freebsd.org.

$Id: README,v 1.1.1.2 2008/01/27 00:54:48 christos Exp $
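
The kind of check the commit message at the top of this page describes, shown beside the unchecked path construction. This is an added example, not OpenPAM's own code: the function names, the allowed character set (POSIX portable filename characters) and the sample inputs are assumptions, and only the two pam.d directories from the README's search order are used.

```c
#include <stdio.h>
#include <string.h>

/* Policy directories from the README's search order (pam.conf files omitted). */
static const char *const policy_dirs[] = { "/etc/pam.d/", "/usr/local/etc/pam.d/" };

/* Hypothetical helper: accept only [A-Za-z0-9._-], and never "", "." or "..". */
static int service_name_ok(const char *service)
{
    const char *p;
    if (service == NULL || *service == '\0') return 0;
    if (strcmp(service, ".") == 0 || strcmp(service, "..") == 0) return 0;
    for (p = service; *p != '\0'; ++p) {
        int c = (unsigned char)*p;
        if (!((c >= 'a' && c <= 'z') || (c >= 'A' && c <= 'Z') ||
              (c >= '0' && c <= '9') || c == '.' || c == '_' || c == '-'))
            return 0;                /* '/' and every other byte is refused */
    }
    return 1;
}

/* Unchecked form from the commit message: the name is appended as given. */
static int policy_path_unchecked(char *out, size_t len, size_t dir, const char *service)
{
    int n = snprintf(out, len, "%s%s", policy_dirs[dir], service);
    return (n < 0 || (size_t)n >= len) ? -1 : 0;   /* -1 on truncation */
}

/* Checked form: validate the directory index and the name before building a path. */
static int policy_path_checked(char *out, size_t len, size_t dir, const char *service)
{
    if (dir >= sizeof policy_dirs / sizeof policy_dirs[0]) return -1;
    if (!service_name_ok(service)) return -1;
    return policy_path_unchecked(out, len, dir, service);
}

int main(void)
{
    const char *samples[] = { "sshd", "../../tmp/policy", "", ".." }; /* constructed */
    char path[256];
    size_t i;
    for (i = 0; i < sizeof samples / sizeof samples[0]; ++i) {
        if (policy_path_checked(path, sizeof path, 0, samples[i]) == 0)
            printf("accept %s\n", path);
        else
            printf("reject \"%s\"\n", samples[i]);
    }
    return 0;
}
```

Callers that take the service name from configuration or user input can apply the same validation before calling pam_start(), so the library check is not the only barrier.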