Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Mon, 16 Aug 2010 12:05:13 +0100
From: Tim Brown <>
Subject: Minor security flaw with pam_xauth

Here's another bug where privileged code isn't checking the return value from 

I don't think this needs a CVE as I haven't found a useful way to exploit it 
but maybe someone on here will spot something I've missed.  Either way, I 
would have thought it should be fixed.


PS Is it just me or does "I fail to see how RLIMIT_NPROC should have any affect 
on setuid." in the comments a touch disconcerting given that it's from the PAM 
Tim Brown

[ CONTENT OF TYPE application/pgp-signature SKIPPED ]

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ