On Tue, May 13, 2008 at 10:36:33AM +0200, Christoph Pleger wrote: > Hello, > > > - The patch needs to be updated to apply against the current package in > > unstable. > > Done. I have attached a patch for unix_auth.c > > > and, importantly: > > > > - we need some some code review/feedback/signoff from the Debian folks > > maintaining PAM and other related components. I am *NOT* going to be > > the guy who uploads a new setuid binary without adequate review. > > Will you contact them?
I have Cc:'ed [EMAIL PROTECTED], the PAM maintainers: Please review unix2_chkpwd.c (and the patch to unix_auth.c to use it) in this bugreport and let us know if you feel it secure to include as a setuid root binary (like vanilla PAM's /bin/unix_chkpwd). Thanks! -- _ivan -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]