Subject: Re: PAM vulnerability in portable OpenSSH
To: =?ISO-8859-1?Q?Dag-Erling_Sm=F8rgrav?= <email@example.com>
From: Damien Miller <firstname.lastname@example.org>
Date: 10/01/2003 11:02:51
(please note that I am not subscribed to current-users, so please Cc me
on replies - thansk)
Dag-Erling Smørgrav wrote:
> Damien Miller <email@example.com> writes:
>>3. Differences between vendors' implementations. Solaris PAM passes
>>message arguments differently to LinuxPAM and OpenPAM.
> No, it does not.
Then why have we had to use PAM_MSG_MEMBER hacks in portable OpenSSH
for over three years?
Solaris PAM (at least historically) has passed the prompts to a
conversation function as a pointer to an array of struct pam_message.
Linux PAM and OpenPAM pass prompts as an array of pointers to struct
The PAM spec is silent on the meanings of the arguments to the
conversation function (a really sad state of affairs for a security
technology). Worse, I haven't seen the various PAM vendors make any
serious effort to work out the inconsistencies or work on a unified
portability document - I'd love to see one if it exists.
> I have the source code in front of me.
Which source code? The Sun sample pam module, which dodges the issue
by only generating a single prompt?