On Feb 24,  8:41am, thorpej@shagadelic.org (Jason Thorpe) wrote:
-- Subject: X server uses PAM?

| 
| On Feb 24, 2005, at 6:56 AM, Christos Zoulas wrote:
| 
| > Module Name:	src
| > Committed By:	christos
| > Date:		Thu Feb 24 14:56:55 UTC 2005
| >
| > Modified Files:
| > 	src/share/mk: bsd.own.mk
| >
| > Log Message:
| > Don't disable PAM when MKPIC=no. PAM should work with static 
| > libraries, and
| > this breaks PAM on programs that decide not to use PIC libraries, such 
| > as
| > the X server.
| 
| What does the X server use PAM for?
| 
| Anyway, static PAM libraries are going to provide only a minimum amount 
| of functionality.  Furthermore, why is the X server not using 
| PIC/shared libraries?

I should explain a bit more. The Xserver sets MKPIC=no so that it does
not make PIC libraries for its internal libraries. It does not mean
that it is statically linked. Of course setting MKPIC=no in the Xserver
is a bit of a broad sword, but in anycase it should not affect PAM.
This is what this commit is about.

ldd /usr/X11R6/bin/XFree86 
/usr/X11R6/bin/XFree86:
        -lpam.0 => /usr/lib/libpam.so.0
        -lXau.6 => /usr/X11R6/lib/libXau.so.6
        -lXdmcp.6 => /usr/X11R6/lib/libXdmcp.so.6
        -lz.0 => /usr/lib/libz.so.0
        -lm.0 => /usr/lib/libm387.so.0
        -lm.0 => /usr/lib/libm.so.0
        -li386.1 => /usr/lib/libi386.so.1
        -lc.12 => /usr/lib/libc.so.12

It is used in os/utils.c:

/*  
 * CheckUserAuthorization: check if the user is allowed to start the
 * X server.  This usually means some sort of PAM checking, and it is
 * usually only done for setuid servers (uid != euid).
 */ 

We ship with our Xserver suid root.

christos