Subject: Re: BSD auth for NetBSD
To: Jun-ichiro itojun Hagino <itojun@itojun.org>
From: Roland Dowdeswell <elric@imrryr.org>
List: tech-security
Date: 09/13/2003 20:21:43
On 1063494471 seconds since the Beginning of the UNIX epoch
Jun-ichiro itojun Hagino wrote:
>
>	one of the benefits of BSD auth (which has not been mentioned here)
>	is that it can reduce the number of setuid root programs directly
>	invoked from the user.  programs that need authentication just need
>	to be setgid "auth" (to access authentication programs under
>	/usr/libexec/auth).  authentication logic
>	(i.e. /usr/libexec/auth/login_passwd) works in separate address space,
>	so there's less chance for bad guys to trick them.
>	with PAM, setuid programs (like /usr/bin/login) need to stay setuid
>	root, and they have to introduce dlopen() which can open up a can
>	of worms.

There is nothing about PAM which limits you to being setuid root.
You can exec helpers or talk to local domain sockets either from
the modules or from the main framework.  I believe that LinuxPAM
already does this---or at least it documents that it does.

Also, programs like login(1) or su(1) are not good examples because
they must be setuid root anyway to change the uid upon successful
authentication.

--
    Roland Dowdeswell                      http://www.Imrryr.ORG/~elric/
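
The helper-process pattern both messages refer to (authentication logic running in its own address space, with the caller receiving only a verdict), shown as an added example that is not part of either message and is not code from BSD auth or PAM. It uses fork() alone where BSD auth would exec a separate program; `authenticate_via_helper`, `helper_main` and the demo secret are hypothetical names and values constructed for illustration.

```c
#include <stdio.h>
#include <string.h>
#include <sys/wait.h>
#include <unistd.h>

/* Constructed demo secret; a real helper would consult its own credential store. */
static const char DEMO_SECRET[] = "correct horse";

/* Byte comparison with no early exit on the first mismatch. */
static int same_bytes(const char *a, const char *b, size_t n) {
    unsigned char diff = 0;
    for (size_t i = 0; i < n; i++) diff |= (unsigned char)(a[i] ^ b[i]);
    return diff == 0;
}

/* Hypothetical helper: drains fd to EOF, then exits 0 (accept) or 1 (reject). */
static void helper_main(int fd) {
    char buf[128];
    size_t len = 0;
    int too_long = 0;
    ssize_t r;
    while ((r = read(fd, buf + len, sizeof buf - len)) > 0) {
        len += (size_t)r;
        if (len == sizeof buf) { too_long = 1; len = 0; } /* keep draining */
    }
    int ok = !too_long && len == sizeof DEMO_SECRET - 1 && same_bytes(buf, DEMO_SECRET, len);
    _exit(ok ? 0 : 1);
}

/* Caller: returns 1 if accepted, 0 if rejected, -1 on error. Sees only the verdict. */
int authenticate_via_helper(const char *response) {
    int p[2], status;
    if (pipe(p) != 0) return -1;
    pid_t pid = fork();
    if (pid < 0) { close(p[0]); close(p[1]); return -1; }
    if (pid == 0) { close(p[1]); helper_main(p[0]); }
    close(p[0]);
    size_t n = strlen(response);
    ssize_t w = write(p[1], response, n);
    close(p[1]); /* EOF tells the helper the response is complete */
    if (waitpid(pid, &status, 0) != pid) return -1;
    if (w != (ssize_t)n || !WIFEXITED(status)) return -1;
    return WEXITSTATUS(status) == 0 ? 1 : 0;
}

int main(void) {
    printf("right=%d wrong=%d\n", authenticate_via_helper("correct horse"), authenticate_via_helper("guess"));
    return 0;
}
```

The helper reads to end of input before deciding, so an oversized response is rejected without the caller's write hitting a closed pipe.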