https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=194604
Bug ID: 194604
Summary: [libpam] [patch] pam_unix doesn't allow validation of
own password
Product: Base System
Version: 11.0-CURRENT
Hardware: Any
OS: Any
Status: Needs Triage
Severity: Affects Some People
Priority: ---
Component: bin
Assignee: [email protected]
Reporter: [email protected]
Created attachment 148656
--> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=148656&action=edit
(Apply with -p1; diff against r273647.)
Linux-PAM provides this functionality via a setuid helper program, and programs
have come to depend on it. In particular, enlightenment desktop's lock screen
uses this feature to allow unlocking. You could argue this is a bug in
enlightenment, but I'm not sure we'd prefer more ports shipping setuid helpers
instead of providing one standard one.
I don't see the harm in presenting the additional functionality, and it means
more Linux programs work on FreeBSD.
I have attempted to keep the setuid helper quite simple and keep the attack
surface small.
This helper only facilitates authentication, and like pam_unix, does not
validate account expiration time.
--
You are receiving this mail because:
You are the assignee for the bug.
_______________________________________________
[email protected] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-bugs
To unsubscribe, send any mail to "[email protected]"
