#
8f494268 |
| 24-Oct-2014 |
christos <christos@NetBSD.org> |
OpenPAM Ourouparia 2014-09-12
- ENHANCE: When executing a chain, require at least one service function to succeed. This mitigates fail-open scenario
OpenPAM Ourouparia 2014-09-12
- ENHANCE: When executing a chain, require at least one service function to succeed. This mitigates fail-open scenarios caused by misconfigurations or missing modules.
- ENHANCE: Make sure to overwrite buffers which may have contained an authentication token when they're no longer needed.
- BUGFIX: Under certain circumstances, specifying a non-existent module (or misspelling the name of a module) in a policy could result in a fail-open scenario. (CVE-2014-3879)
- FEATURE: Add a search path for modules. This was implemented in Nummularia but inadvertently left out of the release notes.
- BUGFIX: The is_upper() predicate only accepted the letter A as an upper-case character instead of the entire A-Z range. As a result, service and module names containing upper-case letters other than A would be rejected.
show more ...
|