Re: [Pam-developers] [linux-pam] #27: pam_timestamp path traversal issue

#27: pam_timestamp path traversal issue ---------------------+------------------------------- Reporter: tmraz | Owner: pam-developers@… Type: security | Status: new Priority: major | Component: modules Version: | Resolution: Keywords: | Blocked By: Blocking: | ---------------------+------------------------------- Comment (by ldv): To put thing more formally, if either PAM_RUSER or PAM_TTY equals to "." or "..", or starts with "../", or ends with "/..", or contains "/../", then get_timestamp_name should return PAM_AUTH_ERR. -- Ticket URL: <https://fedorahosted.org/linux-pam/ticket/27#comment:1> linux-pam <http://fedorahosted.org/linux-pam> The Linux-PAM (Pluggable Authentication Modules) project