On Tue, May 04, 2004 at 08:23:07PM -0500, Ed Schmollinger wrote: > pam_chroot-0.8 has been released. Kudos to Heiko Hund for contribution > of some nifty ideas and code to implement them. > > The new version is available from > http://sourceforge.net/projects/pam-chroot/ You could want to check out this patch: cvs -d :pserver:anoncvs:anoncvs@xxxxxxxxxxxxxxxxxxxxxxxx:/cvs co Owl/packages/pam/pam-0.75-owl-pam_chroot.diff It is not against your version, but it is relevant to it as well. Basically, the point is that it is unsafe to chroot() to a path which contains directories writable by an untrusted user. Unfortunately, few people realize that, so this kind of misuse of chroot() is all too common. -- Alexander Peslyak <solar@xxxxxxxxxxxx> GPG key ID: B35D3598 fp: 6429 0D7E F130 C13E C929 6447 73C3 A290 B35D 3598 http://www.openwall.com - bringing security into open computing environments _______________________________________________ Pam-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/pam-list
