New PAM code landing (at last)
Frank Cusack
fcusack at fcusack.com
Sun May 11 07:25:46 EST 2003
On Sat, May 10, 2003 at 09:51:57PM +1000, Damien Miller wrote:
> > Are there any plans to fix the "PAM needs to run as root in the session
> > stage" as raised by me a few weeks ago?
> > I'm no expert on PAM and I understand the security
> > implications but surely as someone mentioned earlier support for PAM is
> > effectively broken without this.
>
> I think that this may be very difficult to do with privsep, as we have
> long since given up root privs by the time we start the session. Of
> course, I'd like to be proved wrong...
The FreeBSD diff, as posted a few months ago, did exactly this. What
has changed since then?
/fc