On Fri, 1 Oct 2021, Björn Fischer wrote:

> Hello everyone,
>
> originating from this discussion
>
> https://github.com/shadow-maint/shadow/pull/408
>
> and the work recently done in Linux libcap
>
> https://bugzilla.kernel.org/show_bug.cgi?id=214377#c3
>
> I would like to propose this patch to support the ambient
> capability vector in Linux PAM + libcap-2.58+.
>
> Background for this is that the setuid() system call drops
> all ambient capabilities for obvious security reasons. So,
> to support the ambient vector by using pam_cap.so in any
> login procedure, capabilities have to be set _after_ the
> last call to setuid(), which leaves the PAM cleanup code
> path as the only option.
>
> Calling pam_end() with PAM_DATA_SILENT is documented in
>
> http://www.linux-pam.org/Linux-PAM-html/adg-interface-by-app-expected.html#adg-pam_end
>
> Concerned about portability I am unsure if testing for
> PAM_DATA_SILENT is sufficient or if __LINUX_PAM__ should be
> preferred.

I guess my only concern is that this would cause pam_end() to
potentially be called multiple times, once in the parent process
(without PAM_DATA_SILENT) and zero to many times in child session
processes.

E.g. a forwarding-only session might have no child session process,
whereas a multiplexed connection might have many child processes,
all of which will share the same pam_handle.

How will PAM cope with this?

-d
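
The kernel behaviour the quoted message relies on, as an added example that is not part of the thread or of the proposed patch: a forked child raises one capability into its ambient set, calls setuid() from root to an unprivileged uid, and checks the ambient bit again. DEMO_CAP, DEMO_UID and both function names are assumptions made for the demonstration; the probe needs root with CAP_SETUID and the chosen capability, and reports -1 when it cannot run.

```c
#define _GNU_SOURCE
#include <linux/capability.h>
#include <stdio.h>
#include <sys/prctl.h>
#include <sys/syscall.h>
#include <sys/wait.h>
#include <unistd.h>

#define DEMO_CAP ((unsigned long)CAP_NET_BIND_SERVICE) /* constructed choice */
#define DEMO_UID 65534 /* assumed unprivileged uid ("nobody") */

/* Child: 1 = ambient bit cleared by setuid(), 0 = survived, 2 = setup failed. */
static int child_probe(void)
{
    struct __user_cap_header_struct hdr = { _LINUX_CAPABILITY_VERSION_3, 0 };
    struct __user_cap_data_struct data[2];

    if (syscall(SYS_capget, &hdr, data) != 0)
        return 2;
    /* Ambient requires the capability in both permitted and inheritable. */
    data[0].inheritable |= 1u << DEMO_CAP;
    if (syscall(SYS_capset, &hdr, data) != 0)
        return 2;
    if (prctl(PR_CAP_AMBIENT, PR_CAP_AMBIENT_RAISE, DEMO_CAP, 0UL, 0UL) != 0)
        return 2;
    if (setuid(DEMO_UID) != 0) /* root -> unprivileged transition */
        return 2;
    return prctl(PR_CAP_AMBIENT, PR_CAP_AMBIENT_IS_SET, DEMO_CAP, 0UL, 0UL) == 0;
}

/* Returns 1 if setuid() cleared the ambient set, 0 if it did not,
 * -1 if the probe could not run (not root, capability or uid unavailable). */
int ambient_cleared_by_setuid(void)
{
    int status;
    pid_t pid = fork();

    if (pid < 0)
        return -1;
    if (pid == 0)
        _exit(child_probe());
    if (waitpid(pid, &status, 0) < 0 || !WIFEXITED(status))
        return -1;
    return WEXITSTATUS(status) == 2 ? -1 : WEXITSTATUS(status);
}

int main(void)
{
    printf("ambient cleared by setuid(): %d\n", ambient_cleared_by_setuid());
    return 0;
}
```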