Subject: Re: BSD Authentication
To: None <current-users@netbsd.org>
From: Peter Seebach <seebs@plethora.net>
List: current-users
Date: 09/07/2003 14:48:45

In message <20030907205029.E1404@snowdrop.l8s.co.uk>, David Laight writes:
>> Understood.  Still, I don't like the idea that a bug in a module can
>> do anything it wants in my address space...
>
>Or that the program can (probably) override anything in libc that the
>PAM code thinks it is calling, and maybe some internal routines as well.
>
>That is, unless it is exceptionally careful of what it lets the dynamic
>linker actually do for it.....

That's sorta scary too.  If the PAM module is allowed to do any kind of
trusted thing...  On the other hand, since it's a loaded module, it can't be
setuid unless you were setuid already, which is some small comfort.

-s