[Pkg-shadow-devel] Bug#531341: prints "login incorrect" without asking for password when entering an invalid login
Dmitri Gribenko
gribozavr at gmail.com
Sat Jul 18 19:31:04 UTC 2009
On Sat, Jul 18, 2009 at 8:18 PM, Nicolas
François<nicolas.francois at centraliens.net> wrote:
> Please look at the pam_securetty.so section in /etc/pam.d/login
>
> There are two contradicting security goals which are to avoid having root's
> password entered on unsafe lines (and unknown users should be considered
> as a mistyped 'root'), and to avoid leaking information regarding existing
> users.
Thank you for the explanation.
> I don't really know how to handle this bug. My preference would go to
> close it (which I will do in a few week if there are no answers). Another
> solution could be to keep it as wontfix as an "information bug" and wait
> until somebody finds a cleaner solution.
I think it is better to keep it as wontfix.
Best regards,
Dmitri
--
main(i,j){for(i=2;;i++){for(j=2;j<i;j++){if(!(i%j)){j=0;break;}}if
(j){printf("%d\n",i);}}} /*Dmitri Gribenko <gribozavr at gmail.com>*/
More information about the Pkg-shadow-devel
mailing list