New PAM code landing (at last)

Frank Cusack fcusack at fcusack.com
Sun May 11 07:25:46 EST 2003


On Sat, May 10, 2003 at 09:51:57PM +1000, Damien Miller wrote:
> > Are there any plans to fix the "PAM needs to run as root in the session
> > stage"
> > as raised by me a few weeks ago.
> > I'm no expert on PAM and I understand the security
> > implications but surely as someone mentioned earlier support for PAM is
> > effectively
> > broken without this.
> 
> I think that this may be very difficult to do with privsep, as we have
> long since given up root privs by the time we start the session. Of
> course, I'd like to be proved wrong...

The FreeBSD diff, as posted a few months ago, did exactly this.  What
has changed since then?

/fc




More information about the openssh-unix-dev mailing list