[git commit master] login: log PAM errors to syslog, not stderr
Denys Vlasenko
vda.linux at googlemail.com
Thu Sep 24 23:50:45 UTC 2009
commit: http://git.busybox.net/busybox/commit/?id=c297ea97e288da16216d5c121ddefa7b61923847
branch: http://git.busybox.net/busybox/commit/?id=refs/heads/master
By Ian Wienand (ianw AT vmware.com)
Signed-off-by: Denys Vlasenko <vda.linux at googlemail.com>
---
loginutils/login.c | 4 +++-
1 files changed, 3 insertions(+), 1 deletions(-)
diff --git a/loginutils/login.c b/loginutils/login.c
index 31b25a4..ed2ab7f 100644
--- a/loginutils/login.c
+++ b/loginutils/login.c
@@ -409,7 +409,9 @@ int login_main(int argc UNUSED_PARAM, char **argv)
break; /* success, continue login process */
pam_auth_failed:
- bb_error_msg("pam_%s call failed: %s (%d)", failed_msg,
+ /* syslog, because we don't want potential attacker
+ * to know _why_ login failed */
+ syslog(LOG_WARNING, "pam_%s call failed: %s (%d)", failed_msg,
pam_strerror(pamh, pamret), pamret);
safe_strncpy(username, "UNKNOWN", sizeof(username));
#else /* not PAM */
--
1.6.3.3
More information about the busybox-cvs
mailing list