The two bugs specifically hilighted here are not present in the Debian/Ubuntu PAM source:
- pam_unix locking DoS: Our was patched with the new locking code from PAM CVS (049_pam_unix_sane_locking) - pam_wheel getlogin() spoof: Our pam_wheel is patched to not call getlogin() at all, as it's "considered harmful" (036_pam_wheel_getlogin_considered_harmful) If you'd like me to track down any others that seem particularly harmful, let me know. ... Adam -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
