pam modules and setuid actions
Seven Reeds
seven.reeds at gmail.com
Wed Mar 13 17:00:42 UTC 2013
Thanks Tomas. I had not seen it stated anywhere about the effective
0 uid. That is not the behaviour I am seeing and, as you say, broken
calling apps may muck this up.

I'm going to write my own setuid executable and use pam_exec. Thanks, all.

On Wed, Mar 13, 2013 at 11:39 AM, Tomas Mraz <tmraz at redhat.com> wrote:
>
> PAM session modules (that is the modules configured in the session stack
> and called through the pam_sm_open_session() and pam_sm_close_session())
> expect to be called with effective uid == 0. So there should be no need
> to add any setuid helper for this functionality. Of course there might
> be non-compliant applications that call the session modules with regular
> user id but other modules will be broken for them as well.
> --
> Tomas Mraz
> No matter how far down the wrong road you've gone, turn back.
> Turkish proverb
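
Added example, not part of the original thread or of Linux-PAM: a small helper of the kind pam_exec could run from the session stack, which records whether the calling application really invoked the stack with effective uid 0 and refuses to continue otherwise. The function names, the syslog tag and the 32-character name limit are assumptions made for illustration; PAM_TYPE and PAM_USER are the environment variables pam_exec exports to the command it runs.

```c
#include <ctype.h>
#include <stdlib.h>
#include <string.h>
#include <syslog.h>
#include <sys/types.h>
#include <unistd.h>

enum ctx_result { CTX_OK = 0, CTX_NOT_ROOT, CTX_BAD_TYPE, CTX_BAD_USER };

/* PAM_USER arrives through the environment, so accept only a conservative
 * account-name alphabet (the 32-character limit is an assumed policy). */
static int user_name_ok(const char *u)
{
    if (u == NULL || *u == '\0' || *u == '-' || strlen(u) > 32)
        return 0;
    for (; *u; u++)
        if (!isalnum((unsigned char)*u) && !strchr("_.-", *u))
            return 0;
    return 1;
}

/* Decide whether the helper was called the way a session module expects:
 * effective uid 0, from the session stack, for a sane user name. */
enum ctx_result check_session_context(uid_t euid, const char *type,
                                      const char *user)
{
    if (euid != 0)
        return CTX_NOT_ROOT;          /* non-compliant calling application */
    if (type == NULL || (strcmp(type, "open_session") != 0 &&
                         strcmp(type, "close_session") != 0))
        return CTX_BAD_TYPE;          /* not run from the session stack */
    if (!user_name_ok(user))
        return CTX_BAD_USER;
    return CTX_OK;
}

int main(void)
{
    enum ctx_result r = check_session_context(geteuid(), getenv("PAM_TYPE"),
                                              getenv("PAM_USER"));
    openlog("session-helper", LOG_PID, LOG_AUTHPRIV);
    syslog(r == CTX_OK ? LOG_INFO : LOG_WARNING,
           "result=%d ruid=%d euid=%d", (int)r, (int)getuid(), (int)geteuid());
    closelog();
    return r == CTX_OK ? 0 : 1;       /* pam_exec treats non-zero as failure */
}
```

The logged ruid/euid pair shows which applications call the session stack without root, which is the non-compliant case described in the quoted reply.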