
Re: pam_mkhomdir fix(ldap, su problem)



On Sun, Jul 06, Ethan Benson wrote:

> On Sun, Jul 06, 2003 at 05:54:58PM -0500, Steve Langasek wrote:
> > 
> > Convince the OpenSSH maintainers that the current behavior is incorrect,
> > and get them to change it.
> 
> who says it's incorrect?  not the pam docs.  pam_session running as
> root has always been an assumption.

Where does the PAM doc say that you can change the rights between
the function calls?

If you look at the RFC, pam_session is called before dropping
privileges, not after.

And that dropping the privileges before calling the session
management is safer is a dream of some people: You have to trust
the PAM module, because you already called some functions from it
before, which are much more critical.

  Thorsten 
-- 
Thorsten Kukuk       http://www.suse.de/~kukuk/        kukuk@suse.de
SuSE Linux AG        Deutschherrnstr. 15-19        D-90429 Nuernberg
--------------------------------------------------------------------    
Key fingerprint = A368 676B 5E1B 3E46 CFCE  2D97 F8FD 4E23 56C6 FB4B



