Source-Changes archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

NetBSD master CVS tree commits



lukem
Sat Jun 28 19:38:26 PDT 1997
Update of /cvsroot/src/usr.bin/login
In directory netbsd1:/var/slash-tmp/cvs-serv24247

Modified Files:
        login.c 
Log Message:
Don't leak some information (``you have no s/key'').

Only information leaks now are:
* if '-s -s' is used (only allow s/key users, and force s/key use),
  then "login incorrect" will be given if a non-s/key user (or
  non-existant user) attempts to login; no password will be prompted
  for.
  XXX: maybe this should be fixed, but further analysis is required.
* an s/key user will be reminded in the "Password" prompt that they
  have an s/key. Therefore it would be possible to determine if a user
  is active on the machine if they have an s/key.
  XXX: maybe an option is required to control this behaviour




Home | Main Index | Thread Index | Old Index