From owner-freebsd-hackers  Tue Aug  4 21:59:14 1998
Return-Path: <owner-freebsd-hackers@FreeBSD.ORG>
Received: (from majordom@localhost)
          by hub.freebsd.org (8.8.8/8.8.8) id VAA09285
          for freebsd-hackers-outgoing; Tue, 4 Aug 1998 21:59:14 -0700 (PDT)
          (envelope-from owner-freebsd-hackers@FreeBSD.ORG)
Received: from antipodes.cdrom.com (castles85.castles.com [208.214.165.85])
          by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id VAA09273
          for <hackers@FreeBSD.ORG>; Tue, 4 Aug 1998 21:59:09 -0700 (PDT)
          (envelope-from mike@antipodes.cdrom.com)
Received: from antipodes.cdrom.com (localhost [127.0.0.1])
	by antipodes.cdrom.com (8.8.8/8.8.5) with ESMTP id VAA00654;
	Tue, 4 Aug 1998 21:58:01 -0700 (PDT)
Message-Id: <199808050458.VAA00654@antipodes.cdrom.com>
X-Mailer: exmh version 2.0zeta 7/24/97
To: John Polstra <jdp@polstra.com>
cc: Terry Lambert <tlambert@primenet.com>, hackers@FreeBSD.ORG
Subject: Re: PAM4FreeBSD 
In-reply-to: Your message of "Tue, 04 Aug 1998 17:58:39 PDT."
             <199808050058.RAA13063@austin.polstra.com> 
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Date: Tue, 04 Aug 1998 21:58:00 -0700
From: Mike Smith <mike@smith.net.au>
Sender: owner-freebsd-hackers@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

> > Be sure and look at BugTraq and the DOE CICE lists for the Solaris
> > PAM vulnerabilities before bringing it all the way in (PAM accounts
> > for approximately 2/3's of their recent vulnerabilities).
> 
> Will do.  Thanks for the tip.

... and if you want my pet peeve about PAM, it's that the modules have
to be visible and loadable in to the application that wants to
authenticate/admin/etc.

The "right" way (IMHO) to deal with this would be to take a clean slice 
across the PAM API (which is reasonably compact), encapsulate it into a 
nice simple synchronous stream protocol, and then put all the PAM 
library into a daemon.  Use our authenticated socket technology and 
Unix-domain sockets to ensure the integrity of the client-server 
relationship.

This would allow lots of programs (eg. passwd, xlockmore) to be 
installed non-setuid root, since they only ever authenticate their 
owner.  It would also let you run eg. POP daemons non-setuid-root if 
they were granted permission to authenticate, etc.

Anyway, that's my major gripe about PAM as it stands.  That, and the 
lousy quality of most of the free-source modules out there. 8(

-- 
\\  Sometimes you're ahead,       \\  Mike Smith
\\  sometimes you're behind.      \\  mike@smith.net.au
\\  The race is long, and in the  \\  msmith@freebsd.org
\\  end it's only with yourself.  \\  msmith@cdrom.com



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-hackers" in the body of the message