New PAM code landing (at last)

Frank Cusack fcusack at fcusack.com
Sun May 11 17:57:03 EST 2003


On Sun, May 11, 2003 at 08:29:28AM +0100, James Williamson wrote:
> I'm no security expert and I don't really understand the ramifications
> of doing so but why can't the non priv process do a seteuid() to the
> non root user where permanently_set_uid is called? Then keep running
> until the time the pam session stuff needs to be done, revert back to
> root privileges during this stage (session) and then finally give all
> privileges away for ever - setuid().

It doesn't insulate you from privilege escalation.

/fc
ps. please format your email to 74 chars
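
Added example, not part of the original message and not OpenSSH code: a simplified C model of the POSIX real/effective/saved user ID rules, showing why the seteuid() scheme in the quoted question leaves root reachable until the final setuid(). The struct, the function names and uid 1000 are constructed for illustration.

```c
#include <stdio.h>

/* Simplified model of a process's real, effective and saved user IDs. */
struct creds { unsigned ruid, euid, suid; };

/* seteuid(): euid 0 may pick any uid; otherwise only ruid, euid or suid. */
static int model_seteuid(struct creds *c, unsigned uid)
{
    if (c->euid != 0 && uid != c->ruid && uid != c->suid && uid != c->euid)
        return -1;                      /* would fail with EPERM */
    c->euid = uid;                      /* ruid and suid are untouched */
    return 0;
}

/* setuid(): with euid 0 all three IDs change, so there is no way back. */
static int model_setuid(struct creds *c, unsigned uid)
{
    if (c->euid == 0) {
        c->ruid = c->euid = c->suid = uid;
        return 0;
    }
    if (uid != c->ruid && uid != c->suid)
        return -1;
    c->euid = uid;
    return 0;
}

/* 1 if any code running with these IDs could switch back to uid 0. */
static int can_regain_root(struct creds c)
{
    return model_seteuid(&c, 0) == 0;
}

/* Temporary drop from the question: root process calls seteuid(user). */
int root_reachable_after_seteuid(unsigned user)
{
    struct creds c = {0, 0, 0};
    model_seteuid(&c, user);
    return can_regain_root(c);
}

/* Permanent drop: root process calls setuid(user). */
int root_reachable_after_setuid(unsigned user)
{
    struct creds c = {0, 0, 0};
    model_setuid(&c, user);
    return can_regain_root(c);
}

int main(void)
{
    printf("after seteuid(1000): %d\n", root_reachable_after_seteuid(1000));
    printf("after setuid(1000):  %d\n", root_reachable_after_setuid(1000));
    return 0;
}
```

On a real system the same condition can be checked by confirming that the real, effective and saved IDs all equal the unprivileged uid after the drop.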




More information about the openssh-unix-dev mailing list