[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: pam_unix_auth cleanup: NIS+ issues


On Wed, Jun 09, Dmitry Panov wrote:

> On Wed, Jun 09, 1999 at 03:45:37PM +0400, Savochkin Andrey Vladimirovich wrote:
> > I wouldn't accept such changes without a deep thought.
> > 
> > UID mangling may much more consequences that lie on a surface.
> > For example, seteuid(pw->pw_uid) call implies that user with uid pw->pw_uid
> > may send signals to the application calling pam_auth.
> > Different signals (SIGSTOP, SIGPIPE, SIGURG, SIGALRM) may have different
> > funny results for FTP server and other applications.
> You mean this is a security issue? May be.
> Anyway, uid mangling is not my invention. It was in PAM 0.65. And, according
> to truss output, Solaris login program does the same mangling. Moreover is 
> does it three times during authentication.
> I asked Thorsten Kukuk if uid mangling necessary and I'm waiting for reply.

It is necessary, or you couldn't get the password if you set up
the NIS+ passwd table in a secure way.


Thorsten Kukuk      http://www.suse.de/~kukuk/        kukuk@suse.de
SuSE GmbH           Schanzaeckerstr. 10             90443 Nuernberg
Linux is like a Vorlon.  It is incredibly powerful, gives terse,
cryptic answers and has a lot of things going on in the background.

[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index] []