[PATCH] Support ambient capability vector in Linux PAM
djm at mindrot.org
Sat Oct 2 11:21:16 AEST 2021
On Fri, 1 Oct 2021, Björn Fischer wrote:
> Hello everyone,
> originating from this discussion
> and the work recently done in Linux libcap
> I would like to propose this patch to support the ambient
> capability vector in Linux PAM + libcap-2.58+.
> Background for this is that the setuid() system call drops
> all ambient capabilities for obvious security reasons. So,
> to support the ambient vector by using pam_cap.so in any
> login procedure, capabilities have to be set _after_ the
> last call to setuid(), which leaves the PAM cleanup code
> path as the only option.
> Calling pam_end() with PAM_DATA_SILENT is documented in
> Concerned about portability I am unsure if testing for
> PAM_DATA_SILENT is sufficient or if __LINUX_PAM__ should be
I guess my only concern is that this would cause pam_end() to
potentially be called multiple times, once in the parent process
(without PAM_DATA_SILENT) and zero to many times in child session
E.g. a forwarding-only session might have no child session process,
whereas a multiplexed connection might have many child processes,
all of which will share the same pam_handle.
How will PAM cope with this?
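
The quoted background says that setuid() drops the ambient vector, which is why the capabilities would have to be raised after the last setuid() call. The following probe is an added example, not code from the patch or from OpenSSH. It uses raw capget/capset and prctl rather than libcap, and the capability and uid it picks (DEMO_CAP, DEMO_UID) are assumptions made for illustration.

```c
#define _GNU_SOURCE
#include <linux/capability.h>
#include <stdio.h>
#include <sys/prctl.h>
#include <sys/syscall.h>
#include <sys/wait.h>
#include <unistd.h>

#define DEMO_CAP CAP_NET_BIND_SERVICE /* constructed choice, any cap < 32 works */
#define DEMO_UID 65534                /* assumed unprivileged uid ("nobody") */

static int ambient_is_set(void) {
    return prctl(PR_CAP_AMBIENT, PR_CAP_AMBIENT_IS_SET, DEMO_CAP, 0, 0);
}

/* Runs in a child. Returns 2 if the setup is not permitted here, otherwise
 * the state of the ambient bit after setuid(): 1 = still set, 0 = cleared. */
static int child_probe(void) {
    struct __user_cap_header_struct h = { _LINUX_CAPABILITY_VERSION_3, 0 };
    struct __user_cap_data_struct d[2];

    if (syscall(SYS_capget, &h, d) != 0) return 2;
    d[0].inheritable |= 1u << DEMO_CAP;  /* ambient needs permitted + inheritable */
    if (syscall(SYS_capset, &h, d) != 0) return 2;
    if (prctl(PR_CAP_AMBIENT, PR_CAP_AMBIENT_RAISE, DEMO_CAP, 0, 0) != 0) return 2;
    if (ambient_is_set() != 1) return 2;
    if (setuid(DEMO_UID) != 0) return 2; /* all uids leave 0 here */
    return ambient_is_set() == 1 ? 1 : 0;
}

/* Returns 0 if setuid() cleared the ambient bit, 1 if it survived,
 * -1 if the probe could not run (not root, or capabilities restricted). */
int ambient_after_setuid(void) {
    int st;
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) _exit(child_probe());
    if (waitpid(pid, &st, 0) < 0 || !WIFEXITED(st)) return -1;
    return WEXITSTATUS(st) == 2 ? -1 : WEXITSTATUS(st);
}

int main(void) {
    int r = ambient_after_setuid();
    if (r < 0) puts("probe skipped: needs root with CAP_SETUID and the demo cap");
    else printf("ambient bit after setuid(): %s\n", r ? "still set" : "cleared");
    return 0;
}
```

The probe runs in a forked child so the calling process keeps its own credentials. It reports "skipped" when run without root privileges.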