pam session as root

Michael Stone mstone at cs.loyola.edu
Fri Jun 28 02:24:35 EST 2002


On Thu, Jun 27, 2002 at 09:01:58AM -0700, Darren J Moffat wrote:
> Matthew Vernon wrote:
> > I believe that the original PAM authors intended pam_session to be run
> > as root. Whether this is sensible or not is left as an exercise...
> 
> The application calling the PAM API needs to run with sufficient 
> privelge for all of the configured service modules to do their job. 
> This does not necesarily mean root, but it does degenerate to root on 
> most systems that use PAM.
> 
> In Solaris that means that all PAM functions must be called as root.

What I was trying to get at was whether, setting aside the question of
whether pam sessions should/must be run as root, is it 1) possible to do
this in the privsep model, 2) possible to do securely in the privsep
model, and 3) possible to do in the privsep model without breaking other
functionality. The first patch someone pointed me at failed 3). Does
anyone else have any ideas?  Discussions of whether it's necessary to do
so are premature if it can't be done in the first place. (It is, of
course, already possible to disable privsep and run pam sessions as
root, so the question is in the integration of privsep & pam.)

-- 
Mike Stone



More information about the openssh-unix-dev mailing list