tech-userlevel: Re: Using __progname for PAM service names in pam

Subject: Re: Using __progname for PAM service names in pam_start()
To: None <tech-userlevel@netbsd.org>
From: Christos Zoulas <christos@astron.com>
List: tech-userlevel
Date: 06/13/2007 17:01:42

In article <20070613135731.GE1779@britannica.bec.de>,
Joerg Sonnenberger  <joerg@britannica.bec.de> wrote:
>On Wed, Jun 13, 2007 at 07:19:28AM +0000, Emmanuel Dreyfus wrote:
>> Anyone sees an objection to the system-wide replacement of the pam_start
>> first argument (PAM service name) by __progname? I see only benefits here...
>
>How does this interact with calling e.g. su with
>	execlp("/usr/bin/su", "ftpd");
>
>I think this creates a security issue.

Probably does...

christos