New PAM code landing (at last)

James Williamson james at nameonthe.net
Sun May 11 17:29:28 EST 2003


> Frank Cusack wrote:
> > On Sat, May 10, 2003 at 09:51:57PM +1000, Damien Miller wrote:
> >
> >>I think that this may be very difficult to do with privsep, as we have
> >>long since given up root privs by the time we start the session. Of
> >>course, I'd like to be proved wrong...
> >
> > The FreeBSD diff, as posted a few months ago, did exactly this.  What
> > has changed since then?
>
> The FreeBSD PAM code doesn't touch the session setup. Never did IIRC.
>
> -d
>

I've scanned the code and the PAM stuff is actually broken despite the
privileges. The credentials stage is actually called after the session
stage, which runs contra to what the Linux PAM docs specify (i.e. it
should be done before).

I'm no security expert and I don't really understand the ramifications
of doing so, but why can't the non-priv process do a seteuid() to the
non-root user where permanently_set_uid is called? Then keep running
until the time the PAM session stuff needs to be done, revert back to
root privileges during this stage (session) and then finally give all
privileges away for ever - setuid(). It's good enough for sendmail?

Regards,

James Williamson
www.nameonthe.net
Tel: +44 208 7415453
Fax: + 44 208 7411615
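
The uid sequence proposed in the message above, as an added example (not part of the original post and not OpenSSH's code): it runs seteuid(), a return to root, and a final setuid() in a forked child and reports after each step whether root is still recoverable. Assumptions: Linux or BSD getresuid(), a constructed DEMO_UID of 65534, and group ids left out of the demonstration.

```c
#define _GNU_SOURCE            /* for getresuid() on Linux */
#include <stdio.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

#define DEMO_UID 65534         /* assumption: an unprivileged uid ("nobody") */

/* Root can be regained while any of real/effective/saved uid is still 0. */
int root_recoverable(uid_t r, uid_t e, uid_t s) { return r == 0 || e == 0 || s == 0; }

static int ids_recoverable(void) {
    uid_t r, e, s;
    if (getresuid(&r, &e, &s) != 0) _exit(102);
    return root_recoverable(r, e, s);
}

/* Runs the sequence in a forked child so the caller keeps its own ids.
 * Returns -1 if not started as root, -2 on fork/wait failure, 100..102 if a
 * call was refused (e.g. restricted container), otherwise a bitmask:
 *   1 root still recoverable after seteuid()  2 seteuid(0) worked afterwards
 *   4 root still recoverable after setuid()   8 root regained after setuid() */
int privdrop_demo(void) {
    int st, res = 0;
    pid_t pid;
    if (geteuid() != 0) return -1;
    if ((pid = fork()) < 0) return -2;
    if (pid == 0) {
        if (seteuid(DEMO_UID) != 0) _exit(100);   /* temporary drop */
        if (ids_recoverable()) res |= 1;          /* saved uid is still 0 */
        if (seteuid(0) == 0) res |= 2;            /* back to root for the session stage */
        if (setuid(DEMO_UID) != 0) _exit(101);    /* as root: sets real, effective, saved */
        if (ids_recoverable()) res |= 4;
        if (setuid(0) == 0 || seteuid(0) == 0) res |= 8;
        _exit(res);
    }
    if (waitpid(pid, &st, 0) < 0 || !WIFEXITED(st)) return -2;
    return WEXITSTATUS(st);
}

int main(void) {
    int r = privdrop_demo();
    if (r == -1) puts("not root: nothing to drop");
    else printf("result mask = %d (3: temporary drop reversible, permanent drop not)\n", r);
    return 0;
}
```

A result of 3 shows that between the seteuid() and the final setuid() the saved uid stays 0, so any code running in that process can restore root; only after setuid() from root are all three ids gone.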








More information about the openssh-unix-dev mailing list