Re: CVS: cvs.openbsd.org: src
- To: tech_(_at_)_openbsd_(_dot_)_org
- Subject: Re: CVS: cvs.openbsd.org: src
- From: Eivind Eklund <eivind_(_at_)_yes_(_dot_)_no>
- Date: Mon, 6 Jul 1998 12:56:33 +0200
- Delivery-date: Mon Jul 6 04:24:49 1998
On Sun, Jul 05, 1998 at 02:30:52PM -0600, Todd C. Miller wrote:
> CVSROOT: /cvs
> Module name: src
> Changes by: millert_(_at_)_cvs_(_dot_)_openbsd_(_dot_)_org 98/07/05 14:30:50
>
> Modified files:
> usr.bin/login : login.c
>
> Log message:
> No need to call pwcheck() (and hence crypt()) if the user does not
> exist. The only reason I did that in the first place was to get a
> fake s/key challenge. Now if the user does not exist we just get
> the challenge if password was 's/key' else sleep for a bit to make
> it look like we are doing a crypt().
This sounds like it will leak; sleep() will lose your quanta, which
is likely to be noticeable on a fast machine. Not that I consider
leaking usernames as horrible, but it isn't nice, either.
Eivind.
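
The trade-off discussed in this message, as an added example that is not part of the original mail or of login.c: a sleep-based path for unknown users does no hash work, while a uniform path spends one hash on a dummy record. Python's PBKDF2 stands in for crypt() here, and every name, the account table and the work factor are constructed for the illustration.

```python
import hashlib
import hmac
import os
import time

ITERATIONS = 50_000   # constructed work factor for the demo
kdf_calls = 0         # instrumentation: counts expensive hash computations

def slow_hash(password, salt):
    """Stand-in for crypt(): deliberately CPU-bound."""
    global kdf_calls
    kdf_calls += 1
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)

# Constructed account table: name -> (salt, stored hash)
_salt = os.urandom(16)
USERS = {"alice": (_salt, slow_hash("correct horse", _salt))}

# Dummy record hashed against when the name is unknown.
DUMMY_SALT = os.urandom(16)
DUMMY_HASH = slow_hash("placeholder", DUMMY_SALT)

def check_sleep(user, password):
    """Shape of the committed change: skip the hash and sleep instead."""
    rec = USERS.get(user)
    if rec is None:
        time.sleep(0.05)   # wall-clock delay only, the CPU is given up
        return False
    salt, stored = rec
    return hmac.compare_digest(slow_hash(password, salt), stored)

def check_uniform(user, password):
    """Always compute exactly one hash, whether or not the user exists."""
    rec = USERS.get(user)
    salt, stored = rec if rec is not None else (DUMMY_SALT, DUMMY_HASH)
    matched = hmac.compare_digest(slow_hash(password, salt), stored)
    # A match against the dummy record must never count as a login.
    return matched and rec is not None

def hashes_used(check, user, password):
    """Number of expensive hashes one login attempt performed."""
    before = kdf_calls
    check(user, password)
    return kdf_calls - before
```

Counting hash invocations rather than timing them keeps the comparison deterministic: the sleep path differs from a real check in CPU work even when its wall-clock delay is tuned to match.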