
module unload?



I noticed a strange thing.
When I use login, su or another pamified app that implements session management,
it will execute, say, a shell, and wait for it to terminate:

 $ su -
 Password: ...
 # ps
   PID TTY          TIME CMD
 25989 pts/0    00:00:00 su  <---
 ^^^^^
 25990 pts/0    00:00:00 sh
 26008 pts/0    00:00:00 ps
 # _

But:
 # lsof /lib/security/pam_cracklib.so
 COMMAND   PID USER  FD   TYPE DEVICE  SIZE NODE NAME
 su      25989 root mem    REG    3,1 25041 5942 /lib/security/pam_cracklib.so
         ^^^^^
 # _

So, pam_cracklib (just an example -- my "favorite" module) is loaded by su.
But this module is not responsible for session management, it is
not even responsible for authentication!

Hence the (expected) question ...
Why does libpam load all modules (here are more examples:
 # lsof /lib/security/*.so | fgrep 25989
 su      25989 root mem    REG    3,1  4799 5911 /lib/security/pam_deny.so
 su      25989 root mem    REG    3,1 38801 5939 /lib/security/pam_pwdb.so
 su      25989 root mem    REG    3,1 25041 5942 /lib/security/pam_cracklib.so
 su      25989 root mem    REG    3,1 16674 5938 /lib/security/pam_xauth.so
these are all the modules listed in /etc/pam.d/su!),
and why does it not unload them on session start?

And a small related question.  Is it ok to use static data in pam modules?
As I see in pam_cracklib (again), there is no static data here, all variables
are on the stack. For this particular case (just curious), is it ok to have
module options (from the command line) in some static area and parse them just once,
when PAM_PRELIM_CHECK is set in flags, and use the already parsed line when
PAM_UPDATE_AUTHTOK is set?

Regards,
  Michael.


