Subject: Re: Using __progname for PAM service names in pam_start()
To: Jason Thorpe <email@example.com>
From: David Brownlee <abs@NetBSD.org>
Date: 06/14/2007 14:03:10
On Wed, 13 Jun 2007, Jason Thorpe wrote:
> On Jun 13, 2007, at 10:01 AM, Christos Zoulas wrote:
>> In article <20070613135731.GE1779@britannica.bec.de>,
>> Joerg Sonnenberger <firstname.lastname@example.org> wrote:
>>> On Wed, Jun 13, 2007 at 07:19:28AM +0000, Emmanuel Dreyfus wrote:
>>>> Anyone sees an objection to the system-wide replacement of the pam_start
>>>> first argument (PAM service name) by __progname? I see only benefits
>>> How does this interact with calling e.g. su with
>>> execlp("/usr/bin/su", "ftpd");
>>> I think this creates a security issue.
>> Probably does...
> I agree. I think it's safest for the app to hard-code the service name into
> the call to avoid impersonation problems like this. And we should fix sshd
> to do so.
One variation might be to allow a different name if it starts with
the original name. eg, you can call ftpd 'ftpd-moose' or 'ftpd2',
but not 'myftpd'.
Taht is if the feature is deemed useful enough for the effort.
David/absolute -- www.NetBSD.org: No hype required --