[Pkg-shadow-devel] Bug#998694: Bug#998694: Don't timeout if you haven't asked for password yet
Bálint Réczey
balint at balintreczey.hu
Sun Nov 14 12:08:50 GMT 2021
Control: tags -1 wontfix
Hi Dan,
積丹尼 Dan Jacobson <jidanni at jidanni.org> ezt írta (időpont: 2021. nov.
6., Szo, 19:00):
>
> Package: login
> Version: 1:4.8.1-1.1
>
> (/usr/share/doc/login/copyright says
> This is Debian GNU/Linux's prepackaged version of the shadow utilities.
>
> It was downloaded from: <ftp://ftp.pld.org.pl/software/shadow/>.
> As of May 2007, this site is no longer available.)
The Homepage: https://github.com/shadow-maint/shadow info is up to
date, but the copyright file should be updated, I agree.
> OK, I'll report the bug here:
>
> Let's say the system is so overloaded that...
>
> Login: root
>
> Login timed out after 60 seconds
>
> Yes, that's right, even before the password prompt appeared!
>
> So that timeout will prevent access to the whole system!
>
> So: at least don't timeout if you haven't asked for password yet!
The timer is set right before calling pam_start() in login.c, thus it
would not be easy to delay that. If you have a system unable to show
password prompt for 1 minute it is unlikely that you can get in even
with a timeout started later.
Cheers,
Balint
> Thanks.
>
> _______________________________________________
> Pkg-shadow-devel mailing list
> Pkg-shadow-devel at alioth-lists.debian.net
> https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/pkg-shadow-devel
More information about the Pkg-shadow-devel
mailing list