[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: user rights of pam_modules?



On Thu, Nov 21, 2002 at 11:03:56AM +0100, Klaas Hagemann wrote:
> Hi Florian,
> 
> the priviledge sepearation was the point, thanks a lot.
> Í have never heard of these option. Maybe someone can explain me, what could
> happen, when i turn it off?

future vulnerabilities found in sshd will most likly result in root
comprimise if you turn privsep off, and will most likly be
unexploitable if you leave it on.

note that nothing in the pam docs/specs requires that pam session
modules run as root, thats an assumption made by module developers
since most programs using pam have run session modules as root.

-- 
Ethan Benson
http://www.alaska.net/~erbenson/

Attachment: pgp00002.pgp
Description: PGP signature


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index] []