[PATCH 1/1] su: Add a delay if the password is incorrect

Rich Felker dalias at aerifal.cx
Sun Mar 16 20:25:04 UTC 2014


On Sun, Mar 16, 2014 at 11:19:02AM +0100, Denys Vlasenko wrote:
> On Tuesday 04 March 2014 22:27, Romain Naour wrote:
> > Signed-off-by: Romain Naour <romain.naour at openwide.fr>
> > ---
> >  loginutils/su.c | 1 +
> >  1 file changed, 1 insertion(+)
> > 
> > diff --git a/loginutils/su.c b/loginutils/su.c
> > index c51f26f..f812505 100644
> > --- a/loginutils/su.c
> > +++ b/loginutils/su.c
> > @@ -101,6 +101,7 @@ int su_main(int argc UNUSED_PARAM, char **argv)
> >  		if (ENABLE_FEATURE_SU_SYSLOG)
> >  			syslog(LOG_NOTICE, "%c %s %s:%s",
> >  				'-', tty, old_user, opt_username);
> > +		bb_do_delay(LOGIN_FAIL_DELAY);
> >  		bb_error_msg_and_die("incorrect password");
> >  	}
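
Review bot: the bb_do_delay(LOGIN_FAIL_DELAY) call placed just before bb_error_msg_and_die("incorrect password") sleeps inside the su process that the calling user runs and controls, so it holds back only a caller who waits for the error message. Nothing in this hunk enforces the wait across separate invocations or prevents the process from being ended before the sleep finishes. If the delay is meant as a rate limit on password guessing, it has to be enforced at a point the caller cannot skip. The commit message carries only a Signed-off-by line and should state what the delay is meant to protect against. Keeping the syslog() call ahead of the delay is correct, since the failure is recorded before any wait begins.
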
> 
> 
> Applied, thanks!

Did you miss the part about this being useless to security but
annoying to users? If busybox is going to add the delay, it should do
it right (in such a way that attackers can't circumvent the delay).

Rich

