In message <200309081818.h88IIEP16844@srapc342.sra.co.jp>, Noriyuki Soda writes
:
>>>>>> On Mon, 08 Sep 2003 13:06:25 -0500,
>	seebs@plethora.net (Peter Seebach) said:
>> With PAM, every new screen saver needs to be setuid root

>That's not true.
>See my description about a setuid wrapper program.

Ahh, but this won't work - the whole point of PAM is that the actual
program needing authentication has to have the PAM module in its address
space so the client's address space can be altered.  If, in fact, a setuid
wrapper program is sufficient for PAM, then we can do PAM-over-BSD-auth.

>> The option of giving calling programs only those permissions they need to
>> perform their function, rather than every permission they could possibly need
>> to run an authenticator, is a HUGE feature from a security standpoint.  If
>> I want to write a little dongle that just locks my terminal, it can run with
>> just *my* priviliges, no matter what the authentication scheme is.

>That's not true, either. Most programs (except screensavers) still
>need root privilege for authorization.

No, they need to use root privileges to do something once authorized.
However, the authorization itself doesn't require privs, and they may be able
to get away with much less than root privs.

-s