Use fewer buffers and reduce string-copying #7
Conversation
Depend on libcrypto and link with same.
Tighten permissions on the file.
they should ever be communicated to the user, but, if any should be, pam_error() should be used for the purpose instead of writing to stderr directly.
any is necessary. This saves a modicum of space but also, more importantly, makes usage of our module harder to detect for any (potentially hostile) observer.
|
I disagree with the syslog usage. These errors are very serious and the user should be aware of them upon usage. Also, the casting is necessary, as those variables are of different type. It doesn't matter if the compiler understands this and converts them either way. They need to be cast for clarity and readability of the code. There is no need to allow larger usernames and then truncate them. I agree with the rest of the changes. |
…ne -- /usr/share is read-only on some systems. Use the path /var/db/multipassword on BSD-systems. Catch and properly report (with syslog(3)) more potential failures.
Reporting these errors will reveal usage of pam_duress to a potentially hostile party watching from behind the user's shoulder... If they are in a safe environment, they can login as themselves (or root) and find all of the error-messages in the logfile... At the very least, But best, in my opinion, is to just be silent. :-)
Some of the casting was not quite right, because it dropped the
They are only truncated, if they are too long even for what is allowed. In cases of crashes, an admin may have easier time sorting through abandoned |
|
Any chance to see this PR merged - at least partially into master ? |
Also:
mkstemp(3)instead of a static name for the action-scriptsyslog(3)to log errors instead of printing them tostderrpam_get_authtokandpam_get_userPAM_AUTH_ERR