[redhat-lspp] New pam src rpm with namespace
Steve Grubb
sgrubb at redhat.com
Thu Feb 16 15:18:22 UTC 2006
On Thursday 16 February 2006 10:08, JANAK DESAI wrote:
> Also, if the instance parent is different than the polyinstantiated
> directory, then instance directories belonging to other users are visible to
> an ordinary user. If those directories are identified with user names are we
> opening up a channel?
I don't think this changes anything. It would be simple to create a dictionary
attack to permute all users of a machine with all types and levels until a
matching hash is found. I do not consider a hashed name from a limited name
set to a public algorithm to be secure.
-Steve
More information about the redhat-lspp
mailing list