Subject: Re: X server uses PAM?
To: Jason Thorpe <firstname.lastname@example.org>
From: Christos Zoulas <email@example.com>
Date: 02/24/2005 11:56:17
On Feb 24, 8:41am, firstname.lastname@example.org (Jason Thorpe) wrote:
-- Subject: X server uses PAM?
| On Feb 24, 2005, at 6:56 AM, Christos Zoulas wrote:
| > Module Name: src
| > Committed By: christos
| > Date: Thu Feb 24 14:56:55 UTC 2005
| > Modified Files:
| > src/share/mk: bsd.own.mk
| > Log Message:
| > Don't disable PAM when MKPIC=no. PAM should work with static
| > libraries, and
| > this breaks PAM on programs that decide not to use PIC libraries, such
| > as
| > the X server.
| What does the X server use PAM for?
| Anyway, static PAM libraries are going to provide only a minimum amount
| of functionality. Furthermore, why is the X server not using
| PIC/shared libraries?
I should explain a bit more. The Xserver sets MKPIC=no so that it does
not make PIC libraries for its internal libraries. It does not mean
that it is statically linked. Of course setting MKPIC=no in the Xserver
is a bit of a broad sword, but in anycase it should not affect PAM.
This is what this commit is about.
-lpam.0 => /usr/lib/libpam.so.0
-lXau.6 => /usr/X11R6/lib/libXau.so.6
-lXdmcp.6 => /usr/X11R6/lib/libXdmcp.so.6
-lz.0 => /usr/lib/libz.so.0
-lm.0 => /usr/lib/libm387.so.0
-lm.0 => /usr/lib/libm.so.0
-li386.1 => /usr/lib/libi386.so.1
-lc.12 => /usr/lib/libc.so.12
It is used in os/utils.c:
* CheckUserAuthorization: check if the user is allowed to start the
* X server. This usually means some sort of PAM checking, and it is
* usually only done for setuid servers (uid != euid).
We ship with our Xserver suid root.