Date: Tue, 05 Feb 2002 21:58:25 +0000 From: Mark Murray <mark@grondar.za> To: "Andrey A. Chernov" <ache@nagual.pp.ru> Cc: des@freebgsd.org, cvs-committers@FreeBSD.org, cvs-all@FreeBSD.org Subject: Re: cvs commit: src/lib/libpam/modules/pam_unix pam_unix.c Message-ID: <200202052158.g15LwUs21329@greenpeace.grondar.org> In-Reply-To: <20020205205907.GA8005@nagual.pp.ru> ; from "Andrey A. Chernov" <ache@nagual.pp.ru> "Tue, 05 Feb 2002 23:59:08 %2B0300." References: <20020205205907.GA8005@nagual.pp.ru>
next in thread | previous in thread | raw e-mail | index | archive | help
> On Tue, Feb 05, 2002 at 19:49:38 +0000, Mark Murray wrote: > > > On Tue, Feb 05, 2002 at 15:20:44 +0300, Andrey A. Chernov wrote: > > > > > > > > 1) You break applications which expect the same sequence from random() > > > > (when initializing srandom() to some fixed value) since insert random() > > > > calls in the middle of application ones. > > > > > > In case my description is unclear, here is example: > > > > > > App: > > > srandom(33); > > > random(); > > > random(); > > > call PAM library > > > PAM calls random(); > > > PAM calls random() > > > return; > > > > /* application starts, control is handed over to the user */ > > srandom(33); > > random(); /* sequence is OK. */ > > It is OK at this point, but broken _after_ PAM called. > Lets imagine srandom(33) produce this hypotetical sequence for random() > calls: > > 2,4,6,7,8,9,1,2 > > Without PAM application got _all_ the values. > With PAM, PAM got some values for itself: > > 2,4,5,7,8,9,1,2 > ^^^^^ > \------ this three goes to PAM and not to application. Why is your program doing user stuff before it has authenticated? _After_ PAM, the user is free to srandom() ans much as he likes. M -- o Mark Murray \_ FreeBSD Services Limited O.\_ Warning: this .sig is umop ap!sdn To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe cvs-all" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200202052158.g15LwUs21329>