Re: user rights of pam_modules?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Thu, Nov 21, 2002 at 11:03:56AM +0100, Klaas Hagemann wrote:
> Hi Florian,
> 
> the priviledge sepearation was the point, thanks a lot.
> Í have never heard of these option. Maybe someone can explain me, what could
> happen, when i turn it off?

future vulnerabilities found in sshd will most likly result in root
comprimise if you turn privsep off, and will most likly be
unexploitable if you leave it on.

note that nothing in the pam docs/specs requires that pam session
modules run as root, thats an assumption made by module developers
since most programs using pam have run session modules as root.

-- 
Ethan Benson
http://www.alaska.net/~erbenson/

Attachment: pgp00056.pgp
Description: PGP signature


[Index of Archives]     [Fedora Users]     [Kernel]     [Red Hat Install]     [Linux for the blind]     [Gimp]

  Powered by Linux