Jump to letter: [
ABCDEFGHIJKLMNOPQRSTUVWXYZ
]
mod_auth_shadow - An Apache module for authentication using /etc/shadow
- Description:
When performing this task one encounters one fundamental
difficulty: The /etc/shadow file is supposed to be
read/writeable only by root. However, the webserver is
supposed to run under a non-root user, such as "nobody".
mod_auth_shadow addresses this difficulty by opening a pipe
to an suid root program, validate, which does the actual
validation. When there is a failure, validate writes an
error message to the system log, and waits three seconds
before exiting.
Packages
mod_auth_shadow-2.2-4.el4.src
[20 KiB] |
Changelog
by Jaroslav Reznik (2010-04-09):
- CVE-2010-1151: bad wait(2) call causes randomized authorization (#578168)
- fix license tag
|