tech-userlevel: Re: Using __progname for PAM service names in pam

Subject: Re: Using __progname for PAM service names in pam_start()
To: Christos Zoulas <christos@astron.com>
From: Jason Thorpe <thorpej@shagadelic.org>
List: tech-userlevel
Date: 06/13/2007 17:52:54

On Jun 13, 2007, at 10:01 AM, Christos Zoulas wrote:

> In article <20070613135731.GE1779@britannica.bec.de>,
> Joerg Sonnenberger  <joerg@britannica.bec.de> wrote:
>> On Wed, Jun 13, 2007 at 07:19:28AM +0000, Emmanuel Dreyfus wrote:
>>> Anyone sees an objection to the system-wide replacement of the  
>>> pam_start
>>> first argument (PAM service name) by __progname? I see only  
>>> benefits here...
>>
>> How does this interact with calling e.g. su with
>> 	execlp("/usr/bin/su", "ftpd");
>>
>> I think this creates a security issue.
>
> Probably does...

I agree.  I think it's safest for the app to hard-code the service  
name into the call to avoid impersonation problems like this.  And we  
should fix sshd to do so.

-- thorpej