Git-Mirrors/security-misc
1
0
Fork 0
mirror of https://github.com/Kicksecure/security-misc.git synced 2025-07-28 02:25:31 -04:00
Code Issues Projects Releases Packages Wiki Activity

Prevent erroneous "Login blocked after [negative number] attempts" errors

Browse source 
For root, faillock appears to always* return an empty string (i.e. no table headers are present), yielding a zero-initialized pam_faillock_output_count and thus resulting in the calculation of a negative failed_login_counter value.

This can cause erroneous errors of the form "ERROR: Login blocked after [negative number] attempts" during sudo-ing and screen unlocking.

This commit modifies the initialization of failed_login_counter such that it cannot be negative and prevents the display of these incorrect warnings.

* Only rudimentary local tests were conducted
This commit is contained in:
DMHalford 2025-05-15 15:42:50 -04:00 committed by GitHub
parent 6c3be9ced0
commit 91a76db66b
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
1 changed files with 1 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

2
usr/libexec/security-misc/pam-info
View file

@ -164,7 +164,7 @@ pam_faillock_output_count="$(echo "$pam_faillock_output" | wc -l)"
## 4
## Do not count the first two informational textual output lines (starting with "user:" and "When") if present,
## but ensure failed_login_counter is not set to a negative value.
## whilst ensuring failed_login_counter is not set to a negative value.
failed_login_counter=$( [ $(( pam_faillock_output_count - 2 )) -gt 0 ] && echo $(( pam_faillock_output_count - 2 )) || echo "0" )
## example failed_login_counter: