On Wed, Dec 19, 2007 at 09:28:22AM -0500, Matthias Clasen wrote: > On Wed, 2007-12-19 at 15:22 +0100, Patrice Dumas wrote: > > Anyway why not do a pam module such that all the login systems (be it > > wdm, xdm, console login...) can benefit from it? We have a wondefully > > modular system for everything that can take place on login, this would > > ease life for a lot of people, and allow for choice of UI instead of > > tying those who don't have the money to pay programmers to UI they don't > > like. > > Don't let Nalin hear that... I recommend against using PAM as a place to be launching arbitrary processes. The environment in which a module runs is just way too underspecified to be dependable for doing that. Environment, privilege level, signal handling, none of it's guaranteed by the specification [1]. If you fork a process (from a module, which is loaded by a shared library, with the calling application having no idea of what to expect), you have to be _very_ careful about how you do it, and how you handle its termination, and how all of that interacts with what the calling appliction's already doing. Even for the modules which are careful about this, we still run into bugs. And many modules aren't careful. Sure, maybe we need something that'll serve the function of launching random stuff for you when you log in, but I don't think that PAM is it. HTH, Nalin [1] http://www.opengroup.org/tech/rfc/mirror-rfc/rfc86.0.txt -- fedora-devel-list mailing list fedora-devel-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-devel-list
