login: log PAM errors to syslog, not stderr

By Ian Wienand (ianw AT vmware.com) Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
author: Denys Vlasenko <vda.linux@googlemail.com> 2009-09-25 01:50:45 +0200
committer: Denys Vlasenko <vda.linux@googlemail.com> 2009-09-25 01:50:45 +0200
commit: c297ea97e288da16216d5c121ddefa7b61923847 (patch)
tree: ca20c1e56535f1a623106ae48e059b020ccb2d40
parent: 21d87d495a78f9207d643a5bf99061d4401370ef (diff)
download: busybox-c297ea97e288da16216d5c121ddefa7b61923847.tar.gz
1 files changed, 3 insertions, 1 deletions
diff --git a/loginutils/login.c b/loginutils/login.c
index 31b25a43e..ed2ab7f80 100644
--- a/loginutils/login.c
+++ b/loginutils/login.c
@@ -409,7 +409,9 @@ int login_main(int argc UNUSED_PARAM, char **argv)
 		break; /* success, continue login process */
 
  pam_auth_failed:
-		bb_error_msg("pam_%s call failed: %s (%d)", failed_msg,
+		/* syslog, because we don't want potential attacker
+		 * to know _why_ login failed */
+		syslog(LOG_WARNING, "pam_%s call failed: %s (%d)", failed_msg,
 					pam_strerror(pamh, pamret), pamret);
 		safe_strncpy(username, "UNKNOWN", sizeof(username));
 #else /* not PAM */
author	Denys Vlasenko <vda.linux@googlemail.com>	2009-09-25 01:50:45 +0200
committer	Denys Vlasenko <vda.linux@googlemail.com>	2009-09-25 01:50:45 +0200
commit	c297ea97e288da16216d5c121ddefa7b61923847 (patch)
tree	ca20c1e56535f1a623106ae48e059b020ccb2d40
parent	21d87d495a78f9207d643a5bf99061d4401370ef (diff)
download	busybox-c297ea97e288da16216d5c121ddefa7b61923847.tar.gz