
Re: pam_unix_auth cleanup: NIS+ issues



On Wed, Jun 09, 1999 at 03:45:37PM +0400, Savochkin Andrey Vladimirovich wrote:
> I wouldn't accept such changes without deep thought.
> 
> UID mangling may have many more consequences than lie on the surface.
> For example, seteuid(pw->pw_uid) call implies that user with uid pw->pw_uid
> may send signals to the application calling pam_auth.
> Different signals (SIGSTOP, SIGPIPE, SIGURG, SIGALRM) may have different
> funny results for FTP server and other applications.

You mean this is a security issue? Maybe.
Anyway, uid mangling is not my invention. It was in PAM 0.65. And, according
to truss output, the Solaris login program does the same mangling. Moreover, it
does it three times during authentication.

I asked Thorsten Kukuk if uid mangling is necessary and I'm waiting for a reply.

> 
> Regards
> 					Andrey V.
> 					Savochkin
> 

--
Dmitry O Panov         |  mailto:dmitry@tsu.tula.ru
Tula State University  |  http://www.tsu.tula.ru/
Dept. of CS & NIT      |  Fidonet: Dmitry Panov, 2:5022/8.31 aka 2:5022/5.50


