diff options
| author | Colin Watson <cjwatson@debian.org> | 2003-09-03 00:30:53 +0000 |
|---|---|---|
| committer | Colin Watson <cjwatson@debian.org> | 2003-09-03 00:30:53 +0000 |
| commit | 39d9195514df907a6f1eb6fc10688860af83f43b (patch) | |
| tree | 408c7952c02772fdc10267265526d0b6d2526190 /auth-passwd.c | |
| parent | d702e4063b641afb252fe6029553ebffac0dd81a (diff) | |
Fix login delay, spurious auth.log entry, and PermitRootLogin information
leakage due to PAM issues with upstream's recent security update (thanks,
Darren Tucker; closes: #99168, #192207, #193546).
Diffstat (limited to 'auth-passwd.c')
| -rw-r--r-- | auth-passwd.c | 8 |
1 files changed, 8 insertions, 0 deletions
diff --git a/auth-passwd.c b/auth-passwd.c index 62ea3a52d..2307c1e5e 100644 --- a/auth-passwd.c +++ b/auth-passwd.c | |||
| @@ -125,6 +125,14 @@ auth_password(Authctxt *authctxt, const char *password) | |||
| 125 | ok = 0; | 125 | ok = 0; |
| 126 | 126 | ||
| 127 | #if defined(USE_PAM) | 127 | #if defined(USE_PAM) |
| 128 | /* | ||
| 129 | * If the user logging in is root and RootLogin=no, always attempt | ||
| 130 | * an invalid root login to prevent leaking timing information | ||
| 131 | */ | ||
| 132 | if (pw && pw->pw_uid == 0 && options.permit_root_login != PERMIT_YES) { | ||
| 133 | auth_pam_password(authctxt, "\b\n\r\177INCORRECT"); | ||
| 134 | return 0; | ||
| 135 | } | ||
| 128 | return auth_pam_password(authctxt, password) && ok; | 136 | return auth_pam_password(authctxt, password) && ok; |
| 129 | #elif defined(HAVE_OSF_SIA) | 137 | #elif defined(HAVE_OSF_SIA) |
| 130 | if (!ok) | 138 | if (!ok) |