Randy McMurchy wrote:

> Other than that, we have the PAM/Shadow/su issue (sorry for not
> giving feedback about the -12 update yet, just update LFS and I or
> DJ will get BLFS in line. Don't ever hold up LFS for something in
> BLFS, unless it is a major deal) which isn't really an issue as
> if you type a bad password, what is the difference between a
> segfault and a message saying your password was bad? :-)

3 seconds to really slow down a brute force attack.  Yeah sure, that 3
seconds is really gonna hurt...anyway, Linux_PAM-0.80 is fixed now WRT
the segfault issue with shadow's su.  shadow-4.0.12 seems to work as
expected.  I think LFS is in good shape as to gcc-4.0.1.  There is one
other patch mentioned over on Greg's DIY-Dev list that should probably
be looked at.  Take a look at the link in the patch header.  This looks
to be an icky little bug; difficult to track down if I followed
correctly, but I have not yet seen the issue first hand.

http://www.diy-linux.org/pipermail/diy-linux-dev/2005-August/000621.html

-- DJ Lucas
-- 
http://linuxfromscratch.org/mailman/listinfo/lfs-dev
FAQ: http://www.linuxfromscratch.org/faq/
Unsubscribe: See the above information page
