
Re: new module request: pam_ident



Hi,

Best wishes to all for the new year.  I've been away for a week or so,
enjoying the freezing weather of Utah so I apologize for not
integrating the various fixes etc., that have been posted.  Hopefully
I'll make some progress later in the week.

Over this last weekend I did get a chance to put some gloss on my
pam_netid module, which in the interests of caution is intended
primarily as a toy, example and/or an admin tool.  It can be
downloaded as:

    http://linux.kernel.org/pub/linux/libs/pam/pre/pam_netid.tar.gz
or
    ftp://linux.kernel.org/pub/linux/libs/pam/pre/pam_netid.tar.gz

(the ftp server is more reliable.)

Previously, I made the claim that:
> Be warned, it is very Linux specific (makes extensive use of the
> Linux /proc/ filesystem), but I have reason to believe it will work
> on all 2.x.y kernels.
     ^^^^^^^^^^^^^^^^^

Which was my belief at the time, but has since proved to be incorrect.
The most recent 2.1.* kernels do some fancy stuff with "dentry" things
and consequently don't give any hints about socket inodes.  Never
fear, I have included a replacement for one of the kernel files
(.../fs/proc/link.c) that can be used to enhance your bleeding edge
kernel to work with this module.  [I've sent this to Linus, and am
hoping to see it in 2.1.78...]

Previously, I made the claim that:
> PS. It does not work with ssh.  I have not tried it with ftp either,
> but telnet and rlogin work and it might add a little spice to 'su'
> too. ;)

This is no longer true.  FTP worked when I did try it and with the
'fd=' module argument, it can be made to work with sshd.  You may have
to play a little for this to work for you.

Previously, I made the claim that:
> PPS.  I strongly suspect it can be trivially spoofed locally by
> running a series of programs that mess with the standard
> input/output.  But I'd be interested to learn of any method for
> patching over anything you devious people can suggest...

This is indeed the case.  However, the module is still pretty good as
a diagnostic/auditing tool.  The module can be compiled as a
stand-alone program (just type 'make') and should be run as root.  In this
mode it can be used to look at various running programs and their
parents: it's all quite fun, really, so read the README and enjoy!

Cheers

Andrew
-- 
Transmeta Corporation
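
An added illustration, not taken from the pam_netid sources or from the message above: on current Linux kernels the "socket inode" hint is the `socket:[N]` link target of a /proc/<pid>/fd entry, and N can be matched against the inode column of /proc/net/tcp to find the remote peer of that descriptor. That pam_netid works this way is an assumption; the function names and the sample table are constructed for the example.

```c
#include <stdio.h>
#include <string.h>

/* Constructed sample of /proc/net/tcp, as a little-endian host prints it. */
static const char SAMPLE_PROC_NET_TCP[] =
"  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode\n"
"   0: 00000000:0017 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1101\n"
"   1: 0A00000A:0017 3264A8C0:C001 01 00000000:00000000 00:00000000 00000000     0        0 4242\n";

/* Parse a /proc/<pid>/fd/<n> link target of the form "socket:[N]".
   Returns 0 and stores N, or -1 when the descriptor is not a socket. */
int socket_inode_from_link(const char *target, unsigned long *inode)
{
    char end = 0;
    if (sscanf(target, "socket:[%lu%c", inode, &end) != 2 || end != ']')
        return -1;
    return 0;
}

/* Find the TCP row owning `inode` and write its remote "a.b.c.d:port" to out.
   Returns 0 on a match, -1 if no row carries that inode. */
int peer_for_inode(const char *table, unsigned long inode, char *out, size_t outlen)
{
    const char *line = strchr(table, '\n');          /* skip the header row */
    while (line && *++line) {
        unsigned int raddr, rport;
        unsigned long ino;
        if (sscanf(line, " %*d: %*x:%*x %x:%x %*x %*s %*s %*s %*d %*d %lu",
                   &raddr, &rport, &ino) == 3 && ino == inode) {
            /* The kernel prints the network-order address as a native integer;
               in the little-endian sample the first octet is the low byte. */
            snprintf(out, outlen, "%u.%u.%u.%u:%u", raddr & 0xff, (raddr >> 8) & 0xff,
                     (raddr >> 16) & 0xff, raddr >> 24, rport);
            return 0;
        }
        line = strchr(line, '\n');
    }
    return -1;
}

int main(void)
{
    unsigned long ino;
    char peer[32];
    /* "socket:[4242]" stands in for readlink("/proc/<pid>/fd/0"). */
    if (socket_inode_from_link("socket:[4242]", &ino) == 0 &&
        peer_for_inode(SAMPLE_PROC_NET_TCP, ino, peer, sizeof peer) == 0)
        printf("fd 0 is a TCP socket, peer %s\n", peer);
    return 0;
}
```

The result describes the socket behind one descriptor only, so it is no more trustworthy than that descriptor's origin, which is the local spoofing limitation acknowledged in the message.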


