#27: pam_timestamp path traversal issue
---------------------+-------------------------------
Reporter: tmraz | Owner: pam-developers@…
Type: security | Status: new
Priority: major | Component: modules
Version: | Resolution:
Keywords: | Blocked By:
Blocking: |
---------------------+-------------------------------
Comment (by ldv):
Since check_tty() already strips '/', only two tty values should be
disallowed: "." and "..".
With regard to the ruser value, besides "." and "..", it seems
reasonable to disallow any value containing '/', to avoid potential DoS
attacks (e.g. a specially crafted ruser would result in the creation of a
directory in place of a regular timestamp file).
--
Ticket URL: <https://fedorahosted.org/linux-pam/ticket/27#comment:3>
linux-pam <http://fedorahosted.org/linux-pam>
The Linux-PAM (Pluggable Authentication Modules) project
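The validation rules ldv proposes in the comment above, written out as an added C example. This is not Linux-PAM's own code: the function names (tty_is_safe, ruser_is_safe, build_timestamp_path) and the timestamp path layout "<dir>/<ruser>/<tty>" are assumptions made for illustration, chosen so that a '/' in ruser would visibly turn a file path component into extra directory levels, which is the failure mode the comment describes.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* Added illustration of the checks proposed in ticket #27 comment 3.
 * Not Linux-PAM code; names and path layout below are assumptions. */

/* tty: the comment states that check_tty() has already stripped '/',
 * so the only remaining dangerous values are "." and "..". An empty
 * string is rejected as well, since it would produce "dir//..." paths. */
bool tty_is_safe(const char *tty)
{
    if (tty == NULL || *tty == '\0')
        return false;
    if (strcmp(tty, ".") == 0 || strcmp(tty, "..") == 0)
        return false;
    return true;
}

/* ruser: reject ".", "..", and any value containing '/'. With an
 * assumed layout of dir/ruser/tty, an ruser such as "victim/tty1" would
 * make the module create a directory named "tty1" under dir/victim,
 * i.e. a directory where victim's regular timestamp file belongs. */
bool ruser_is_safe(const char *ruser)
{
    if (ruser == NULL || *ruser == '\0')
        return false;
    if (strcmp(ruser, ".") == 0 || strcmp(ruser, "..") == 0)
        return false;
    if (strchr(ruser, '/') != NULL)
        return false;
    return true;
}

/* Build "<dir>/<ruser>/<tty>" (assumed layout) only after both
 * untrusted components pass validation.
 * Returns 0 on success, -1 if a component is rejected or the output
 * buffer is too small. */
int build_timestamp_path(char *out, size_t outlen, const char *dir,
                         const char *tty, const char *ruser)
{
    if (!tty_is_safe(tty) || !ruser_is_safe(ruser))
        return -1;
    int n = snprintf(out, outlen, "%s/%s/%s", dir, ruser, tty);
    if (n < 0 || (size_t)n >= outlen)
        return -1;
    return 0;
}

int main(void)
{
    /* Constructed sample inputs: one benign pair, one crafted ruser. */
    char path[256];
    const char *dir = "/var/run/sudo"; /* assumed timestamp directory */

    if (build_timestamp_path(path, sizeof path, dir, "tty1", "alice") == 0)
        printf("ok:       %s\n", path);

    if (build_timestamp_path(path, sizeof path, dir, "tty1", "victim/tty1") != 0)
        printf("rejected: ruser \"victim/tty1\" contains '/'\n");

    if (build_timestamp_path(path, sizeof path, dir, "..", "alice") != 0)
        printf("rejected: tty \"..\"\n");
    return 0;
}
```

The two checks are deliberately asymmetric, following the comment: tty only needs the "." and ".." test because '/' was already removed upstream, whereas ruser is used as-is and therefore must also be refused if it contains '/'. Values such as "..." or ".hidden" are left alone, since they are ordinary single path components.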