Date: Tue, 05 Feb 2002 21:14:52 -0700 (MST) From: "M. Warner Losh" <imp@village.org> To: mark@grondar.za Cc: ache@nagual.pp.ru, des@FreeBSD.org, cvs-committers@FreeBSD.org, cvs-all@FreeBSD.org Subject: Re: cvs commit: src/lib/libpam/modules/pam_unix pam_unix.c Message-ID: <20020205.211452.121219753.imp@village.org> In-Reply-To: <200202052219.g15MJhs32408@greenpeace.grondar.org> References: <20020205214703.GA8579@nagual.pp.ru> <200202052219.g15MJhs32408@greenpeace.grondar.org>
next in thread | previous in thread | raw e-mail | index | archive | help
In message: <200202052219.g15MJhs32408@greenpeace.grondar.org>
Mark Murray <mark@grondar.za> writes:
: > On Tue, Feb 05, 2002 at 23:59:08 +0300, Andrey A. Chernov wrote:
: >
: > > It is OK at this point, but broken _after_ PAM called.
: > > Lets imagine srandom(33) produce this hypotetical sequence for random()
: > > calls:
: >
: > To see the bug, run following test application with "call_pam" set to 1
: > and 0
:
: The bug is doing userland stuff before the authentication IMO.
:
: > #include <stdlib.h>
: >
: > int call_pam = 0;
: >
: > main()
: > {
: > srandom(33);
: > random();
: > random();
: > if (call_pam) libpam_steals_N_randoms();
: > printf("%d\n", random());
: > }
:
: Should look like
:
: #include <stdlib.h>
:
: int call_pam = 0;
:
: main()
: {
: if (call_pam) libpam_steals_N_randoms();
: srandom(33);
: random();
: random();
: printf("%d\n", random());
: }
What if I have to do some non-trival things before calling PAM, which
involve doing random stuff, and then I need top do non-trivial things
after calling PAM? What if I'm using two such packages together? No,
this doesn't scale well and should be avoid if we have a simple
solution at hand (which I think we do).
Warner
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe cvs-all" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20020205.211452.121219753.imp>