Romain Naour wrote:
Hi,
On 04/03/2014 22:27, Romain Naour wrote:
Signed-off-by: Romain Naour <[email protected]>
---
loginutils/su.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/loginutils/su.c b/loginutils/su.c
index c51f26f..f812505 100644
--- a/loginutils/su.c
+++ b/loginutils/su.c
@@ -101,6 +101,7 @@ int su_main(int argc UNUSED_PARAM, char **argv)
if (ENABLE_FEATURE_SU_SYSLOG)
syslog(LOG_NOTICE, "%c %s %s:%s",
'-', tty, old_user, opt_username);
+ bb_do_delay(LOGIN_FAIL_DELAY);
bb_error_msg_and_die("incorrect password");
}
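Review bot: the added bb_do_delay(LOGIN_FAIL_DELAY) call before bb_error_msg_and_die("incorrect password") has no comment, and the commit message carries only the Signed-off-by line, so nothing in the patch records why su should sleep on a failed password. A short message body stating the intent would help, for example the rationale given in the follow-up that util-linux su also delays on a wrong password. Because the if (ENABLE_FEATURE_SU_SYSLOG) above it has no braces, the new call runs whether or not syslog is enabled; that looks intended, and the indentation should make it obvious. The diffstat shows a single insertion in su.c, so LOGIN_FAIL_DELAY has to be visible to this file already; please confirm the build with the macro in scope.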
Any comment or review on this patch?
There is a small delay in su from util-linux if the password is wrong.
That doesn't help cracking attempts, the bruteforce tool could just spawn
many processes. This will only delay the most naive attacker.
Best regards,
Romain Naour