Re: pam modules and setuid actions

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Thanks Thomas.  I had not seen it stated anywhere about the effective
0 uid.  That is not the behaviour I am seeing and as you say, broken
calling apps may muck this up.

I'm going to write my own setuid executable and use pam_exec.  thanks all



On Wed, Mar 13, 2013 at 11:39 AM, Tomas Mraz <tmraz@xxxxxxxxxx> wrote:
>
> PAM session modules (that is the modules configured in the session stack
> and called through the pam_sm_open_session() and pam_sm_close_session())
> expect to be called with effective uid == 0. So there should be no need
> to add any setuid helper for this functionality. Of course there might
> be non-compliant applications that call the session modules with regular
> user id but other modules will be broken for them as well.
> --
> Tomas Mraz
> No matter how far down the wrong road you've gone, turn back.
>                                               Turkish proverb
>
> _______________________________________________
> Pam-list mailing list
> Pam-list@xxxxxxxxxx
> https://www.redhat.com/mailman/listinfo/pam-list

_______________________________________________
Pam-list mailing list
Pam-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/pam-list


[Index of Archives]     [Fedora Users]     [Kernel]     [Red Hat Install]     [Linux for the blind]     [Gimp]

  Powered by Linux