[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: Open Xlock as root



On Fri, 3 Dec 1999, Scott Nelson wrote:

> xlock auth sufficient /lib/security/pam_pwdb shadow
> xlock auth required   /lib/security/pam_asuser root /lib/security/pam_pwdb shadow

You'd need to protect your system against a rogue quasi-PAM program
loading pam_asuser.so and telling it to run /home/badguy/sploit.so
as root for instance. I think the concept of pam_asuser (at least if
used to grant more privileged rather than to revoke them) is bogus.


On Tue, 7 Dec 1999 william.evans@computer.org wrote:

>     auth       sufficient   /lib/security/pam_checkuser root
>     auth       required     /lib/security/pam_pwdb shadow

You'd need to make sure a bad guy cannot abuse this to crack luser's
passwords with high efficiency and low risk of being detected.


--Pavel Kankovsky aka Peak  [ Boycott Microsoft--http://www.vcnet.com/bms ]
"Resistance is futile. Open your source code and prepare for assimilation."



[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index] []