Subject: Re: BSD auth for AFS
To: NetBSD Security Technical Discussion List <tech-security@NetBSD.ORG>
From: Jason Thorpe <email@example.com>
Date: 09/13/2003 00:07:49

On Friday, September 12, 2003, at 10:58 PM, Greg A. Woods wrote:
> [I believe I do know the level of difficulty, and even if I understand
> only minimally then indeed it isn't very difficult at all.
> The overall process is still identical to the way AFS authorization
> works today. All we're doing is telling the kernel to create the
> initial Process Authentication Group (PAG) for a different process than
> the caller. I.e. we're either modifying setpag(2) to take a PID
> parameter, or we're creating a variant called something like
> setpag_parent(2). We're not creating a PAG and then assigning it to
> some other process so there's no chance for abuse by the superuser.

But you've over-simplified the problem. Sure, you're suggesting a
solution for this *one specific case*. But you are NOT solving the
general problem, which is that BSD Auth is fundamentally incapable of
modifying the context of the process requesting the authentication,
which is a capability that is sometimes necessary and which PAM has.

-- Jason R. Thorpe <firstname.lastname@example.org>