Bug#495806: pam_authenticate segfault results in authentication success (was: Locked screen accepts any password to unlock)

reassign 495879 pam found 495879 1.0.1-1 retitle 495879 pam_unix returns success when child process dies with signal severity 495879 minor tags 495879 = confirmed upstream reopen 495879 thanks On Thu, Aug 21, 2008 at 01:46:40PM +1000, Ben Finney wrote: > The segfault in pam_authenticate needs to b

Processed: Re: Bug#495806: pam_authenticate segfault results in authentication success (was: Locked screen accepts any password to unlock)

Processing commands for [EMAIL PROTECTED]: > reassign 495879 pam Bug#495879: pam_authenticate segfault results in authentication success Bug reassigned from package `screen' to `pam'. > found 495879 1.0.1-1 Bug#495879: pam_authenticate segfault results in authentication success Bug marked as foun

Bug#495806: pam_authenticate segfault results in authentication success (was: Locked screen accepts any password to unlock)

On Thu, Aug 21, 2008 at 13:46:40 +1000, Ben Finney wrote: > However, screen's behaviour in this instance is also buggy and > insecure: i.e., that screen treats "segfault in pam_authenticate" as > "successful authentication". > This is wrong. screen has no way to know that unix_chkpwd segfaulte

Bug#495806: pam_authenticate segfault results in authentication success (was: Locked screen accepts any password to unlock)

clone 495806 -1 reassign -1 screen retitle -1 pam_authenticate segfault results in authentication success thanks On 20-Aug-2008, Nico Golde wrote: > It looks like a pam problem. I couldn't reproduce this with pam > 0.99.7.1-7 but can with 1.0.1-2. > From screen (attacher.c): > > 875 #ifdef U