Aren
/
NetBSD
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
NetBSD/dist
History
drochner 8e6899dea3 Don't allow '/' characters in the "service" argument to pam_start() 
The "service" is blindly appended to config directories ("/etc/pam.d/"),
and if a user can control the "service" it can get PAM to read config
files from any location.
This is not a problem with most software because the "service" is
usually a constant string. The check protects 3rd party software
from being abused.
(CVE-2011-4122)
 		2011-11-09 20:26:41 +00:00
..
bzip2 Use __dead 2011-08-29 20:41:06 +00:00
dhcp There is no doubt whether whether should have a 'h' after the 'w'. 2011-10-17 16:35:21 +00:00
ipf format string needs end of statement ; for previous commit 2011-02-24 18:33:06 +00:00
nvi Work around PR#43839, by calling resizeterm() on SIGWINCH. 2011-09-24 18:57:46 +00:00
openpam Don't allow '/' characters in the "service" argument to pam_start() 2011-11-09 20:26:41 +00:00
pdisk fix non-literal format string 2011-08-25 16:51:48 +00:00
pf There is no doubt whether whether should have a 'h' after the 'w'. 2011-10-17 16:35:21 +00:00
pppd Simplify. 2011-10-07 10:42:54 +00:00
smbfs Also eliminate now-no-longer-used local variable. 2011-09-22 16:08:49 +00:00