On Sun, Jul 06, 2003 at 08:35:38PM -0800, Ethan Benson wrote:
> On Sun, Jul 06, 2003 at 05:54:58PM -0500, Steve Langasek wrote:
> > Convince the OpenSSH maintainers that the current behavior is incorrect,
> > and get them to change it.

> who says it's incorrect? not the pam docs. pam_session running as
> root has always been an assumption.

I say it's incorrect; because if it's not incorrect, it's nevertheless
all but useless.

pam_mkhomedir: create user homedir upon session start. Requires
write-access to a directory that /should/ be root-only writeable.

pam_radius: logs connection information to a RADIUS accounting server.
Requires access to the RADIUS shared secret. Root-only.

pam_console: grant locally logged-in users access to certain devices.
Requires root access to change file permissions.

pam_lastlog: writes to /var/log/lastlog. Root only.

And strangely, I can't find such a module at the moment; but another
obvious application for open/close session is utmp/wtmp logging.

So as long as you only care about trivial modules like pam_mail and
pam_env, sure; running pam_session without privileges works just fine.

> it's less convenient, but also much safer, always a tradeoff.

So don't run untrusted PAM modules. This choice should be made by the
administrator, not by the programmer.

-- 
Steve Langasek
postmodern programmer