Bug 16456 - files missing from pam-0.72-20
files missing from pam-0.72-20
Status: CLOSED RAWHIDE
Product: Red Hat Linux
Classification: Retired
Component: pam (Show other bugs)
6.2
i386 Linux
medium Severity medium
: ---
: ---
Assigned To: Nalin Dahyabhai
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2000-08-17 11:57 EDT by dietzma
Modified: 2008-05-01 11:37 EDT (History)
0 users

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2000-08-17 11:57:22 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description dietzma 2000-08-17 11:57:18 EDT
The executable utility pam_tally used for viewing and resetting 
the /var/log/faillog file after X failed login attempts is not present on 
the RedHat pam-0.72-20.  pam_tally.so library is included however, making 
it possible to prevent logins after X failed login attempts but not to 
reset them since the pam_tally utility isn't included.  

The README files from the modules/* directories which provide more 
detailed description are also not included in the /usr/doc/pam-0.72-20 
directory either.

Finally, due to the permissions on /bin/login not being setuid, a user 
could bypass the whole pam_tally.so module locally by running login at the 
shell prompt.  pam_tally.so then attempts to write the file with the 
permissions of the user who invoked it and fails since it is owned by 
root, therefore bypassing the tallying effect (this may be a pam_tally 
bug ?).
Comment 1 Nalin Dahyabhai 2000-08-17 20:16:42 EDT
The README files and pam_tally application are being added for the next
release.  A non-setuid-root /bin/login is useless (when pam_unix is being used
for authentication) for getting a login shell as anyone other than yourself.

Note You need to log in before you can comment on or make changes to this bug.