* src/login.c: Added comment to make sure PAM_RHOST or PAM_TTY do

not get set to unsanitized values.
2009-04-19 13:33:24 +00:00 · 2009-04-19 13:33:24 +00:00 · 8156c3b0be
commit 8156c3b0be
parent d2a822fe39
2 changed files with 8 additions and 0 deletions
--- a/5
+++ b/5
@ -1,3 +1,8 @@
+2009-04-19  Nicolas François  <nicolas.francois@centraliens.net>
+
+	* src/login.c: Added comment to make sure PAM_RHOST or PAM_TTY do
+	not get set to unsanitized values.
+
 2009-04-17  Paul Szabo  <psz@maths.usyd.edu.au>

 	* NEWS, src/login.c: Do not trust the current utmp entry's ut_line
--- a/src/login.c
+++ b/src/login.c
@ -657,6 +657,9 @@ int main (int argc, char **argv)
 	 * hostname & tty are either set to NULL or their correct values,
 	 * depending on how much we know. We also set PAM's fail delay to
 	 * ours.
+	 *
+	 * PAM_RHOST and PAM_TTY are used for authentication, only use
+	 * information coming from login or from the caller (e.g. no utmp)
 	 */
 	retcode = pam_set_item (pamh, PAM_RHOST, hostname);
 	PAM_FAIL_CHECK;