New PAM code landing (at last)

James Williamson james at
Sun May 11 17:29:28 EST 2003

> Frank Cusack wrote:
> > On Sat, May 10, 2003 at 09:51:57PM +1000, Damien Miller wrote:
> >
> >>I think that this may be very difficult to do with privsep, as we have
> >>long since given up root privs by the time we start the session. Of
> >>course, I'd like to be proved wrong...
> >
> > The FreeBSD diff, as posted a few months ago, did exactly this.  What
> > has changed since then?
> The FreeBSD PAM code doesn't touch the session setup. Never did IIRC.
> -d

I've scanned the code and the PAM stuff is actually broken despite the
The credentials stage is actually called after the session stage which runs
to what the linux pam docs specify (i.e. it should be done before).

I'm no security expect and I don't really understand the ramifications of
so but why can't the non priv process do a seteuid() to the non root user
permanently_set_uid is called. Then keep running until the time the pam
stuff needs to be done, revert back to root privileges during this stage
and then finally give all privileges away for ever - setuid(). It's good
enough for


James Williamson
Tel: +44 208 7415453
Fax: + 44 208 7411615

More information about the openssh-unix-dev mailing list