[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: further modifications to mod_auth_pam.c



Michael K. Johnson wrote:
> Chris Dent writes:
> >My modifications allow the
> >pam service name to be listed in the .htaccess file[...]
> 
> How secure is this practice?  I've noticed that this has been added
> to several applications; I have a policy of not putting this capability
> in apps that I've pamified for Red Hat Linux because I'm of the opinion
> that putting this choice anywhere where users can get at it is a bad
> idea.
> 
> I can't say that it would be exploitable, but I worry about it.  Have
> people been carefully considering this issue before adding this feature
> to apps?

A good thing to worry about.  I discovered a long time ago that basing the
service name on the filename of the application was a (very) bad idea for
exactly this reason (symlinks).  This idea was so bad that I even mentioned
it in the application writers' guide.

That said, it is useful for an application to have more than one service
name.. My feelings are to use something like the method in passwd from
SimplePAMApps.  Basically, you can supply a service-name suffix ->
generating passwd"suffix-u-like" as the service name etc. . (Only "approved"
sufixes are permitted: these are contained in an optional configuration
file.)

Cheers

Andrew
-- 
               Linux-PAM, libpwdb, Orange-Linux and Linux-GSS
                  http://parc.power.net/morgan/index.html
       [ For those that prefer FTP  ---  ftp://ftp.lalug.org/morgan ]



[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index] []