Subject: Re: integrating PAM
To: NetBSD-current Discussion List <current-users@NetBSD.ORG>
From: Greg A. Woods <email@example.com>
Date: 01/27/2003 18:46:49
[ On Monday, January 27, 2003 at 17:14:57 (-0500), David Maxwell wrote: ]
> Subject: Re: integrating PAM
> Okay, you've stated a point about the difference between the two. I
> don't see any explanation of why (in this context) a three process team
> with pipes is simpler (or better) than a function call into a shared
Three small processes, with the important one running without root
privileges, is clearly a hell of a lot better than two massive processes
which chain together (dynamic loader and the program itself plus all the
associated shared libraries, half the code of which won't be used but
which has to be mapped into the process address space anyway) and then
has to run as root.
Pipes have been a proven, simple, secure IPC mechanism for over 25 years.
Multiple separate communicating processes uses the Unix security model
to its advantage -- instead of lumping everything in as root and hoping
for bug-free execution.
Greg A. Woods
+1 416 218-0098; <firstname.lastname@example.org>; <email@example.com>
Planix, Inc. <firstname.lastname@example.org>; VE3TCP; Secrets of the Weird <email@example.com>