diff options
| author | Dante Catalfamo | 2020-11-02 16:52:09 -0500 |
|---|---|---|
| committer | Dante Catalfamo | 2020-11-02 16:52:09 -0500 |
| commit | 6aa04390517d0559a0a671a994bdc18e1b50fc81 (patch) | |
| tree | 296cd39aec3467c261a77ea87358845449d9e50b /content/posts | |
| parent | 57f1ee12382f2beed8a60fecca3863f4656dd691 (diff) | |
| download | blog-6aa04390517d0559a0a671a994bdc18e1b50fc81.tar.gz blog-6aa04390517d0559a0a671a994bdc18e1b50fc81.tar.bz2 blog-6aa04390517d0559a0a671a994bdc18e1b50fc81.zip | |
bsd-auth: update date, move comment
Diffstat (limited to 'content/posts')
| -rw-r--r-- | content/posts/WIP-how-bsd-authentication-works/index.org | 39 |
1 files changed, 19 insertions, 20 deletions
diff --git a/content/posts/WIP-how-bsd-authentication-works/index.org b/content/posts/WIP-how-bsd-authentication-works/index.org index 898b634..6126207 100644 --- a/content/posts/WIP-how-bsd-authentication-works/index.org +++ b/content/posts/WIP-how-bsd-authentication-works/index.org @@ -1,5 +1,5 @@ #+TITLE: How BSD Authentication Works -#+DATE: 2020-06-26T18:31:36-04:00 +#+DATE: 2020-11-02T16:49:46-05:00 #+DRAFT: true #+DESCRIPTION: #+TAGS[]: openbsd @@ -657,25 +657,6 @@ <<here>> -** COMMENT note - - --- - note: In the man page auth_subr it says - #+begin_quote - path The full path name of the login script to run. The call will - fail if path does not pass the requirements of the secure_path(3) - function. - #+end_quote - However I don't see this enforced anywhere, I even wrote a small test - script to prove that's the case on =vfwall ~/authtest=. - - The manpage also says the path is limited to =/bin/= and =/usr/bin=, - which is also not the case. - - Ask jcs about the file descriptor situation, I don't understand it - after reading both the man page and source. - --- - ** _auth_next_arg #+BEGIN_SRC c static char *_auth_next_arg(auth_session_t *as) @@ -795,3 +776,21 @@ It creates an auth session struct. If the password is provided it sets the service type to =response=, and adds the adds the password to the auth data. Otherwise it leaves it empty. +* COMMENT note + + --- + note: In the man page auth_subr it says + #+begin_quote + path The full path name of the login script to run. The call will + fail if path does not pass the requirements of the secure_path(3) + function. + #+end_quote + However I don't see this enforced anywhere, I even wrote a small test + script to prove that's the case on =vfwall ~/authtest=. + + The manpage also says the path is limited to =/bin/= and =/usr/bin=, + which is also not the case. + + Ask jcs about the file descriptor situation, I don't understand it + after reading both the man page and source. + --- |