Nathan Johnson
Hello, this is my first post to the list, so forgive me for not
knowing the exact "protocol" on this. regarding the security/dante
port, password authentication is broken on the dante socks proxy,
presumably on all hardware platforms. this is because it does a
getpwnam() and then calls getpwuid shortly afterward before checking
the original return from getpwnam() in auth_password.c passwordcheck
function. This clobbers the password struct, as explained in the
getpwnam man page. I have contacted the package maintainer (Jakob
Schlyter) and have yet to receive a response. I have contacted the
authors of the package and did receive a response / confirmation of
the bug, but they have yet to release a fix. Is anyone interested in
this (simple) patch? If so, what is the best way for me to send this
to the list? So far I have only tested it on 4.0 current as of feb
13 2007 and 4.1 release , amd64 and i386 platforms respectively.
