1219358 – AUDIT-WHITELIST: pam: new module: pam_canonicalize_user to canonicalize user name

Bug 1219358 - AUDIT-WHITELIST: pam: new module: pam_canonicalize_user to canonicalize user name

Summary: AUDIT-WHITELIST: pam: new module: pam_canonicalize_user to canonicalize user ...

Status:	RESOLVED FIXED

Alias:	None

Product:	openSUSE Tumbleweed
Classification:	openSUSE
Component:	Security (show other bugs)
Version:	Current
Hardware:	Other Other

Priority:	P5 - None Severity: Normal (vote)
Target Milestone:	---
Assignee:	Matthias Gerstner
QA Contact:	E-mail List

URL:
Whiteboard:
Keywords:

Depends on:
Blocks:

Clone This Bug

Reported:	2024-01-30 15:17 UTC by Thorsten Kukuk
Modified:	2024-02-19 13:00 UTC (History)
CC List:	1 user (show)

See Also:
Found By:	---
Services Priority:
Business Priority:
Blocker:	---
Marketing QA Status:	---
IT Deployment:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Thorsten Kukuk 2024-01-30 15:17:30 UTC

Linux-PAM comes with a new trivial PAM module (~15 lines of code), which needs to be whitelisted.

PR for the module:
https://github.com/linux-pam/linux-pam/pull/617

Comment 1 Matthias Gerstner 2024-01-31 09:18:26 UTC

The new module is already found in the pam devel project on OBS.

It just checks whether the provided username, when resolved via getpwnam &
friends, differs. If so then the username stored in the PAM handle is adjusted
to the one provided by the system functions.

Whitelisting can be done.

Comment 2 OBSbugzilla Bot 2024-02-01 11:35:03 UTC

This is an autogenerated message for OBS integration:
This bug (1219358) was mentioned in
https://build.opensuse.org/request/show/1143293 Factory / rpmlint

Comment 3 Matthias Gerstner 2024-02-07 09:25:30 UTC

The whitelisting has reached Factory. Closing.