
Re: userid and groups questions



On 23 Sep 1999 tvaughan@aventail.com wrote:

> Let's say in order to be authenticated, someone has to provide three sets
> of credentials: a one-time password, a Social Security Number, and a static
> password. But if each of these modules is allowed to get and set the userid
> and the user id is set after all authentication modules have been run, then
> you could have something like:

>         User ID: alice
>         alice's one-time password: 0x0f0f0f0f

>         User ID: alice
>         alice's SSN: 555-55-5555

>         User ID: bob
>         bob's password: gr8passwd

>         <set user id = bob>

>         Welcome to service bob.

> Which means in order to compromise an identity, all I have to do is
> compromise the last authentication module.

Ok, I give up.  Why would a module that's checking a user's SSN change the
userid?

Just because someone could conceivably write a braindead/malicious PAM
module that changes userids when it shouldn't, or because an administrator
could misconfigure his PAM settings so that there are exploitable loopholes,
doesn't mean that modules shouldn't be /able/ to change the uid.  And
realistically, if the application runs as root there's not much libpam can
do anyway to stop a module from changing the uid if that's what the module
writer thinks needs to happen.

-Steve Langasek
postmodern programmer
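
The sequence quoted above, as an added example that is not part of the original post: a small C model (not libpam code; `auth_ctx`, `module_done`, `identity_is_bound` and `replay` are hypothetical names) in which every module may set the user id, and the calling application checks afterwards that each factor was verified for the identity the run ends up with.

```c
#include <stdio.h>
#include <string.h>

#define MAX_FACTORS 8

/* Constructed model of one stacked-authentication run; not libpam code. */
struct auth_ctx {
    const char *user;                  /* current user id; any module may set it */
    const char *verified[MAX_FACTORS]; /* identity each module actually verified */
    int nverified;
};

/* Hypothetical module result: `passed` is the outcome of checking the
 * credential presented for `claimed`. On success the module sets the user id. */
static int module_done(struct auth_ctx *ctx, const char *claimed, int passed)
{
    if (!passed || ctx->nverified >= MAX_FACTORS)
        return -1;
    ctx->verified[ctx->nverified++] = claimed;
    ctx->user = claimed;               /* last module to run wins */
    return 0;
}

/* 1 only if every factor was verified for the final user id, else 0. */
static int identity_is_bound(const struct auth_ctx *ctx)
{
    if (ctx->user == NULL || ctx->nverified == 0)
        return 0;
    for (int i = 0; i < ctx->nverified; i++)
        if (strcmp(ctx->verified[i], ctx->user) != 0)
            return 0;
    return 1;
}

/* Replays a three-module stack in which every credential check passes;
 * returns -1 if a module fails, otherwise the binding check result. */
static int replay(const char *u1, const char *u2, const char *u3)
{
    struct auth_ctx ctx = {0};
    if (module_done(&ctx, u1, 1) || module_done(&ctx, u2, 1) ||
        module_done(&ctx, u3, 1))
        return -1;
    return identity_is_bound(&ctx);
}

int main(void)
{
    printf("alice, alice, bob   -> bound=%d\n", replay("alice", "alice", "bob"));
    printf("alice, alice, alice -> bound=%d\n", replay("alice", "alice", "alice"));
    return 0;
}
```

The check runs in the application after the whole stack has finished, so modules remain able to change the user id; the application only refuses a result whose factors were verified for different identities.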


