Subject: Re: bin/23616: login might not back-off as expected
To: None <email@example.com>
From: Christian Biere <firstname.lastname@example.org>
Date: 04/05/2004 04:42:34
Christian Biere wrote:
> >Synopsis: login might not back-off as expected
> >Confidential: no
> >Severity: non-critical
> >Priority: low
This would have to be changed to "login might sleep forever" and I'd
rate this rather "serious" although it wouldn't happen with the default
> Due to a hardcoded value in the back-off time calculation code the
> time to back-off can become negative. As this value is (automatically)
> casted to an unsigned int, sleep() is called with a pretty uge value.
> As this exceeds 1000000000 sleep returns immediately.
This was a bug in the kernel which has been fixed meanwhile. So this
negative value will really cause login to sleep for a *very* long time
if you enter a wrong password.