git.ipfire.org Git - thirdparty/openssh-portable.git/commit
auth-pam: Check the user didn't change during PAM transaction
author Marco Trevisan (Treviño) <mail@3v1n0.net>
Mon, 30 Sep 2024 11:14:11 +0000 (13:14 +0200)
committer Damien Miller <djm@mindrot.org>
Sat, 24 May 2025 07:11:23 +0000 (17:11 +1000)
commit 140bae1df2b7246bb43439d039bf994159973585
tree fb92273ed4def7be3ed1ec1f0ce51db9e2bacba4
parent 216824172724a50a4a75439fb2b4b8edccf5b733

PAM modules can change the user during their execution; in such a case ssh
would still use the user that has been provided, potentially giving
access to another user with the credentials of another one.

So prevent this from happening by ensuring that the final PAM user
matches the one that initiated the transaction.
auth-pam.c