bcba17939e1b1a568cd4a764534cde74d37078cc started using pam_overwrite_n()
without providing the definition to this function, which causes a build
failure.
modules/pam_timestamp/hmac_openssl_wrapper.c: include pam_inline.h
34b062d...
by
Thorsten Kukuk <email address hidden>
manual pages: document usage of $DISPLAY and PAM_TTY
man/pam_item_types_std.inc.xml: In the past, PAM_TTY was used for tty
devices and $DISPLAY variables for X-based applications. With the
introduction of PAM_DISPLAY PAM_TTY should only be used for devices.
f26d873...
by
=?utf-8?q?Christian_G=C3=B6ttsche?= <email address hidden>
libpam: simplify string copying using strdup
bcba179...
by
=?utf-8?q?Christian_G=C3=B6ttsche?= <email address hidden>
modules: make use of secure memory erasure
Use empty initialization of structs to minimize the memset() usage, to
reduce the amount of calls which are not sensitive.
Non trivial changes:
- pam_env:
* erase environment variables where possible
- pam_pwhistory:
* erase buffers containing old passwords
- pam_selinux: skip overwriting data structure consisting of only
pointers to insensitive data, which also gets free'd afterwards (so
it currently does not protect against double-free or use-after-free on
the member pointers)
- pam_unix: erase cipher data in more places
- pam_userdb: erase password hashes
87ff7a1...
by
=?utf-8?q?Christian_G=C3=B6ttsche?= <email address hidden>
libpamc: make use of secure memory erasure
dd733a5...
by
=?utf-8?q?Christian_G=C3=B6ttsche?= <email address hidden>