The acscripts library contains a set of helper scripts that can be used by package configure scripts. This library enables common functions to be used from one central location, rather than being duplicated across packages. This provides simplified system maintenance, because build functions are centralized, and smaller packages, because build functions are no longer in packages.
> development is currently on ice, since no one seems to use it.
> basically the code is stable, but i wouldn`t trust it against network or local attackers.
It is a pity this project is halted. What security issues are there with this software? We could do with a security audit on this software.
Re: vsftpd contains a security flaw, which causes the system to skip asking for a password
if the username is invalid, when the system is configured to use an explicit userlist.
A user has suggested that vsftpd-not-whitelisted users never get
passed to pam, so all the pam configuration in the world won't do
anything until you disable the vsftpd userlist.
I would rather not disable the username whitelisting to work around this.
IDoes anyone know how to fix this so that we could incorporate a configuration option as to whether or not to abort after username is entered, or to reverse the polarity of the userlist_deny switch in this context, so that userlist_deny=NO asks for a password, but userlist_deny=YES aborts without a password?
I would be happy to make this change on a local fork (but I need some guidance on this)
if the fix will not get implemented upstream. I am interested in hearing from anyone who knows
their way around this code sufficiently to make the fix.