pam + privileges

Ben Lindstrom mouring at etoh.eviladmin.org
Wed Apr 30 23:25:20 EST 2003


On Wed, 30 Apr 2003, James Williamson wrote:

[..]
> > Absolutely, our goal is to have as little as possible code running with
> > root privileges.
> >
> > Whether pam_session should run with root is a matter of debate though.
> > Have a look through bugzilla.mindrot.org, there is a bug open for this.
> >
>
> Thanks,
>
> I've had a look at the 'bug'. Rather than using setuid, why not use
> setreuid or seteuid to temporarily give up privileges? This is how sendmail
> handles the 'run as root as infrequently as possible' issue. If I write a
> patch
> is it likely to be accepted?
>

I suggest you read the following.   This explains how we handle code that
requires root security.

http://www.citi.umich.edu/u/provos/ssh/privsep.html

- Ben




More information about the openssh-unix-dev mailing list