Bug 16456

Summary: files missing from pam-0.72-20
Product: [Retired] Red Hat Linux
Reporter: dietzma
Component: pam
Assignee: Nalin Dahyabhai <nalin>
Status: CLOSED RAWHIDE
Severity: medium
Priority: medium
Version: 6.2
Hardware: i386
OS: Linux
Doc Type: Bug Fix
Last Closed: 2000-08-17 15:57:22 UTC

Description dietzma 2000-08-17 15:57:18 UTC
The executable utility pam_tally used for viewing and resetting 
the /var/log/faillog file after X failed login attempts is not present on 
the RedHat pam-0.72-20.  pam_tally.so library is included however, making 
it possible to prevent logins after X failed login attempts but not to 
reset them since the pam_tally utility isn't included.  

The README files from the modules/* directories, which provide a more 
detailed description, are also not included in the /usr/doc/pam-0.72-20 
directory.

Finally, due to the permissions on /bin/login not being setuid, a user 
could bypass the whole pam_tally.so module locally by running login at the 
shell prompt.  pam_tally.so then attempts to write the file with the 
permissions of the user who invoked it and fails since it is owned by 
root, therefore bypassing the tallying effect (this may be a pam_tally 
bug?).

Comment 1 Nalin Dahyabhai 2000-08-18 00:16:42 UTC
The README files and pam_tally application are being added for the next
release.  A non-setuid-root /bin/login is useless (when pam_unix is being used
for authentication) for getting a login shell as anyone other than yourself.
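
The two file conditions this report turns on, a setuid-root /bin/login and a root-owned, owner-writable /var/log/faillog, can be audited with a short script. This is an added example, not part of the bug report or the pam package; the function names and status strings are hypothetical, GNU stat is assumed, and the verdicts follow the mechanism as the reporter describes it.

```shell
# Added example (not from the bug report). Assumes GNU stat. Paths and the
# expected owner uid are parameters so the checks can run against fixtures.

# has_setuid_owner FILE UID: true if FILE is owned by UID and has the setuid bit.
has_setuid_owner() {
    set -- "$1" "$2" $(stat -c '%a %u' -- "$1" 2>/dev/null)
    [ $# -eq 4 ] || return 2            # stat failed
    [ "$4" = "$2" ] && [ $(( 0$3 & 04000 )) -ne 0 ]
}

# owner_only_writable FILE UID: true if FILE is owned by UID and neither
# group nor others have write permission.
owner_only_writable() {
    set -- "$1" "$2" $(stat -c '%a %u' -- "$1" 2>/dev/null)
    [ $# -eq 4 ] || return 2            # stat failed
    [ "$4" = "$2" ] && [ $(( 0$3 & 022 )) -eq 0 ]
}

# tally_status LOGIN_BINARY TALLY_FILE [OWNER_UID]
# Prints one of:
#   missing-file            one of the two paths does not exist
#   tally-file-unprotected  tally file has the wrong owner or is group/world writable
#   tally-updated           login runs as the tally file's owner, so it can record failures
#   tally-not-updated       login runs as the invoking user, so writes to the tally file fail
tally_status() {
    login_bin=$1 tally_file=$2 owner=${3:-0}
    if [ ! -e "$login_bin" ] || [ ! -e "$tally_file" ]; then
        echo "missing-file"
    elif ! owner_only_writable "$tally_file" "$owner"; then
        echo "tally-file-unprotected"
    elif has_setuid_owner "$login_bin" "$owner"; then
        echo "tally-updated"
    else
        echo "tally-not-updated"
    fi
}

# Typical call on a live system (owner uid defaults to 0, i.e. root):
#   tally_status /bin/login /var/log/faillog
```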