[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]

Re: Why should setcred be called after session open?

From: Nicolas Williams <Nicolas Williams ubsw com>
To: pam-list redhat com
Subject: Re: Why should setcred be called after session open?
Date: Wed, 16 May 2001 16:15:37 -0400

Never mind. Both, Linux-PAM and Solaris PAM strdup() the env var
argument to pam_putenv().

Nico


On Wed, May 16, 2001 at 04:08:55PM -0400, Nicolas Williams wrote:
> I think we can certainly add the pam_putenv() call in
> pam_sm_authenticate() -- we must be careful to free this env setting
> when pam_sm_setcred() overwrites it. And, in general, we have to be
> careful when using pam_putenv() to not leak memory.
> 
> This (env var mem leaks) is one of the reasons I'd rather use pam data
> than pam env vars for inter-module communication...
> 
> Normally, putenv() does not free() overridden variables for it cannot
> know how they were allocated and, furthermore, putenv() does not
> strdup() variables. I haven't looked, but I'd bet the same is true with
> pam_putenv(), if not in all implementations, then at least in some...
> 
> *sigh*
> 
> > Cheers,
> > Steve Langasek
> > postmodern programmer
> 
> 
> Cheers,
> 
> Nico
> --
> 
> 
> 
> _______________________________________________
> Pam-list mailing list
> Pam-list@redhat.com
> https://listman.redhat.com/mailman/listinfo/pam-list
--

References:
- Re: Why should setcred be called after session open?
  - From: Nicolas Williams <Nicolas.Williams@ubsw.com>
- Re: Why should setcred be called after session open?
  - From: Stephen Langasek <vorlon@netexpress.net>
- Re: Why should setcred be called after session open?
  - From: Nicolas Williams <Nicolas.Williams@ubsw.com>

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index] []