diff options
| author |   Patrick J Volkerding <volkerdi@slackware.com> | 2020-06-13 20:40:31 +0000 |
|---|---|---|
| committer |   Eric Hameleers <alien@slackware.com> | 2020-06-14 08:59:53 +0200 |
| commit | 0959f2bb54a685807217ea93b53db25a8ce9181e (patch) | |
| tree | da80cc426ce1136cac13dc613a6c11c43baada9c /source/a/pam/patches/pam.pam_tally2.no.fsync.patch | |
| parent | bf14db28cb4ba1b9bcb3e355ce067b61220d7289 (diff) | |
| download | current-0959f2bb54a685807217ea93b53db25a8ce9181e.tar.gz current-0959f2bb54a685807217ea93b53db25a8ce9181e.tar.xz | |
Sat Jun 13 20:40:31 UTC 202020200613204031
a/pam-1.4.0-x86_64-1.txz: Upgraded.
IMPORTANT NOTE: This update removes the pam_cracklib and pam_tally2 modules.
None of our current configuration files in /etc/pam.d/ use either of those,
but if the configuration files on your machine do you'll need to comment out
or remove those lines, otherwise you may experience login failures.
a/shadow-4.8.1-x86_64-9.txz: Rebuilt.
/etc/pam.d/system-auth: prefix lines that call pam_gnome_keyring.so with '-'
to avoid spamming the logs about failures.
a/sysvinit-scripts-2.1-noarch-32.txz: Rebuilt.
rc.S: create /var/run/faillock directory for pam_faillock(8).
a/util-linux-2.35.2-x86_64-2.txz: Rebuilt.
/etc/pam.d/login: change the example for locking an account for too many
failed login attempts to use pam_faillock instead of pam_tally2.
l/imagemagick-7.0.10_19-x86_64-1.txz: Upgraded.
l/libzip-1.7.1-x86_64-1.txz: Upgraded.
n/openssh-8.3p1-x86_64-2.txz: Rebuilt.
/etc/pam.d/sshd: change the example for locking an account for too many
failed login attempts to use pam_faillock instead of pam_tally2.
Diffstat (limited to 'source/a/pam/patches/pam.pam_tally2.no.fsync.patch')
| -rw-r--r-- | source/a/pam/patches/pam.pam_tally2.no.fsync.patch | 35 |
1 files changed, 0 insertions, 35 deletions
diff --git a/source/a/pam/patches/pam.pam_tally2.no.fsync.patch b/source/a/pam/patches/pam.pam_tally2.no.fsync.patch deleted file mode 100644 index 15b40115d..000000000 --- a/source/a/pam/patches/pam.pam_tally2.no.fsync.patch +++ /dev/null @@ -1,35 +0,0 @@ -From b136bff25e93be6f11de74aca03569022364b973 Mon Sep 17 00:00:00 2001 -From: "Maciej S. Szmigiero" <mail@maciej.szmigiero.name> -Date: Mon, 25 Feb 2019 20:50:48 +0100 -Subject: [PATCH] pam_tally2: Remove unnecessary fsync() - -pam_tally2 does fsync() after writing to a tally file. -This causes hard drive cache flushes on every failed SSH login on many -(if not most) filesystems. -And an internet-exposed machine can have a lot of these failed logins. - -This operation however doesn't seem to be necessary - the pam_tally2 -module does not do any operation which would need explicit post-crash -ordering, it just does simple file reads and writes. -And doing a fsync() after them doesn't close any race if the system happens -to crash between a write being posted and its fsync() completion. - -Let's remove this operation to get rid of all these extra cache flushes. ---- - modules/pam_tally2/pam_tally2.c | 4 ---- - 1 file changed, 4 deletions(-) - -diff --git a/modules/pam_tally2/pam_tally2.c b/modules/pam_tally2/pam_tally2.c -index 984edf6a..ce7f5aee 100644 ---- a/modules/pam_tally2/pam_tally2.c -+++ b/modules/pam_tally2/pam_tally2.c -@@ -484,10 +484,6 @@ set_tally(pam_handle_t *pamh, uid_t uid, - } - } - -- if (fsync(*tfile)) { -- pam_syslog(pamh, LOG_ALERT, "update (fsync) failed for %s: %m", filename); -- return PAM_AUTH_ERR; -- } - return PAM_SUCCESS; - } |