New PAM code landing (at last)

Frank Cusack fcusack at
Sun May 11 17:57:03 EST 2003

On Sun, May 11, 2003 at 08:29:28AM +0100, James Williamson wrote:
> I'm no security expect and I don't really understand the ramifications of
> doing
> so but why can't the non priv process do a seteuid() to the non root user
> where
> permanently_set_uid is called. Then keep running until the time the pam
> session
> stuff needs to be done, revert back to root privileges during this stage
> (session)
> and then finally give all privileges away for ever - setuid().

It doesn't insulate you from privilege escalation.

ps. please format your email to 74 chars

More information about the openssh-unix-dev mailing list