summaryrefslogtreecommitdiffstats
path: root/content
diff options
context:
space:
mode:
Diffstat (limited to 'content')
-rw-r--r--content/posts/WIP-how-bsd-authentication-works/index.org39
1 files changed, 19 insertions, 20 deletions
diff --git a/content/posts/WIP-how-bsd-authentication-works/index.org b/content/posts/WIP-how-bsd-authentication-works/index.org
index 898b634..6126207 100644
--- a/content/posts/WIP-how-bsd-authentication-works/index.org
+++ b/content/posts/WIP-how-bsd-authentication-works/index.org
@@ -1,5 +1,5 @@
#+TITLE: How BSD Authentication Works
-#+DATE: 2020-06-26T18:31:36-04:00
+#+DATE: 2020-11-02T16:49:46-05:00
#+DRAFT: true
#+DESCRIPTION:
#+TAGS[]: openbsd
@@ -657,25 +657,6 @@
<<here>>
-** COMMENT note
-
- ---
- note: In the man page auth_subr it says
- #+begin_quote
- path The full path name of the login script to run. The call will
- fail if path does not pass the requirements of the secure_path(3)
- function.
- #+end_quote
- However I don't see this enforced anywhere, I even wrote a small test
- script to prove that's the case on =vfwall ~/authtest=.
-
- The manpage also says the path is limited to =/bin/= and =/usr/bin=,
- which is also not the case.
-
- Ask jcs about the file descriptor situation, I don't understand it
- after reading both the man page and source.
- ---
-
** _auth_next_arg
#+BEGIN_SRC c
static char *_auth_next_arg(auth_session_t *as)
@@ -795,3 +776,21 @@ It creates an auth session struct.
If the password is provided it sets the service type to =response=,
and adds the adds the password to the auth data. Otherwise it
leaves it empty.
+* COMMENT note
+
+ ---
+ note: In the man page auth_subr it says
+ #+begin_quote
+ path The full path name of the login script to run. The call will
+ fail if path does not pass the requirements of the secure_path(3)
+ function.
+ #+end_quote
+ However I don't see this enforced anywhere, I even wrote a small test
+ script to prove that's the case on =vfwall ~/authtest=.
+
+ The manpage also says the path is limited to =/bin/= and =/usr/bin=,
+ which is also not the case.
+
+ Ask jcs about the file descriptor situation, I don't understand it
+ after reading both the man page and source.
+ ---
generated by cgit v1.2.3 (git 2.25.1) at 2025-04-30 10:33:27 +0000