Skip to content
This repository has been archived by the owner on Feb 28, 2024. It is now read-only.

Latest commit

 

History

History
25 lines (16 loc) · 997 Bytes

SECURITY.md

File metadata and controls

25 lines (16 loc) · 997 Bytes

Security Policy

Security assumptions

pam_tacplus and libtac are both used with privileges of the calling user and process the following external data:

  • user data - login and password strings, which are considered untrusted and are subject to security validation
  • configuration data - parameters set in PAM configuration file in /etc/pam.d such as server address or secret, which are considered trusted and are subject to basic semantic validation

Code in tests is not assumed to perform any security validation.

Supported Versions

All versions of pam_tacplus and libtac are supported.

Reporting a Vulnerability

For low and medium level vulnerabilities please create an issue or pull request with fixes.

For high severity issues please contact Paweł Krawczyk, numerous secure means of communication are supported.